Wednesday, March 29

What we know about Lapsus$, the group of cybercriminals behind the hacks of Nvidia, Samsung and MercadoLibre

The same group of cybercriminals has put Nvidia and Samsung in check in a few weeks. Is about Lapsus$, a mysterious group that publishes its attacks on Telegram. Little is known about them, since their first movements were in the middle of 2020, but it has not been until now that they have jumped to the front page by targeting two giants of the technological world and putting their systems in trouble.

From Nvidia they managed to get hold of more than 70,000 company employee credentials, as well as the code from developments as recent as the future RTX 3090 Tithreatening to release the source code of the drivers if they did not agree to his demands.

From Samsung, they leaked a total of 190 GB of code from different manufacturer mobiles, from the bootloader to encryption algorithms. Samsung confirmed the incident, confirming that Lapsus$ is a real threat and a group with enough resources to access compromised data from some BigTech.


Another affected has been Mercado Libre. The company itself has confirmed the attack, affecting more than 300,000 users and Mercado Pago. According to their initial analysis, they have found no evidence that their infrastructures have been compromised or that they have obtained user passwords or financial information. A response similar to that offered by Samsung, in which they claim that the attackers have not obtained personal data, but internal information from its source code.

What real hackers think of Hacking Team

As described by TitanHq, the origin of the introduction of the ransomware is in an attack by phishing. This allows cybercriminals to access high-level internal systems and gain access to control panels or social network accounts, from where Lapsus$ has even published a tweet, as happened with SIC, the largest television in Portugal.

Also Read  If you've been missing Movie Maker, Windows 11 has good news for you: Clipchamp

Lapsus$ movements point to Brazil

Lapsus$ has not yet acknowledged the cyber attack on Mercado Libre, however it does coincide in time with the last survey published on its Telegram account, where they targeted this company precisely.

Along with Mercado Libre, Lapsus targets Vodafone and Impresa. There is no record of an attack on the operator, but Impresa, parent company of Portuguese media such as Expresso or SIC Noticias, has noticed an intrusion in its systemshaving to temporarily block their web pages.


slip$ doesn’t seem to follow the trend of other ransomware groups. Instead of asking for a ransom to prevent the publication of the data, the interests of Lapsus$ are going to request actions such as providing facilities to be able to mine cryptocurrencies, in the case of Nvidia.

Jon Andrews, VP of risk platform Gurucul, explains to Tech Monitor that Lapsus$ motivations seem to go beyond pure extortion: “Lapsus$ has said in the past that their actions are not politically motivated, but the fact that they not only encrypt their victims’ data and demand a ransom indicates that they are not just looking for a quick profit. Rather, it appears that they have some kind of agenda, whatever it is”.

Telegram Lapsus

The origin of Lapsus$ is not confirmed and there is no record of any specific name belonging to the organization. However, there are several indications that point to Brazil as the place of origin of this group of cybercriminals.

Also Read  These are the best cheap Xiaomi phones in 2022

One of them is the attack on the Portuguese media. This coincides with his first notable appearance, which was in 2020 when they targeted the Brazilian Minister of Healthaccording explains Xue Yin Peh, an analyst at Digital Shadows. In that attack the group claimed to leak 50TB of data. Subsequently, other Brazilian organizations and Portuguese-speaking companies such as Impresa, Claro, Embratel, NET and Localiza were their targets. That was last year, but in 2022 they have taken a huge leap by going up against tech giants like Nvidia or Samsung.

Image | Joan Gamell
In Xataka | This is OnionIRC, Anonymous’s hacker school

Leave a Reply

Your email address will not be published. Required fields are marked *