Who is Lapsus$, the Hacker Gang That Can Break into Microsoft, Samsung, et al.

In recent months, Silicon Valley has been shaken by the Lapsus$ hacker syndicate, which has broken into tech giants such as Samsung and Microsoft. Their actions attract attention because of their unusual methods.

Almost all of Lapsus$'s targets are well-known technology companies, among them Samsung, Microsoft, Ubisoft, Nvidia, and Okta. In almost every case, Lapsus$ managed to steal confidential company data, such as source code, which was then leaked on the internet.


Before attacking big tech companies, Lapsus$ carried out cyber attacks in several South American countries. One of its first victims was the Brazilian Ministry of Health, from which the Lapsus$ gang stole 50TB of data, including data related to COVID-19.

When first reported on, Lapsus$ was described as a ransomware gang. In practice, however, they never use ransomware and instead rely on extortion.

Lapsus$ does not encrypt the victim's data. They simply take important data and threaten to publish it on the internet if the ransom is not paid.




To infiltrate a target's internal systems, Lapsus$ uses a range of strategies, from the Redline password-stealing malware and social engineering to buying leaked usernames and passwords on the dark web.

They also do not hesitate to approach insiders and employees of the target company. Reportedly, Lapsus$ leaders once offered USD 20,000 per week to Verizon and AT&T employees to defect and help with their cybercrime operations.

This strategy seems to have been quite successful, judging by how sensitive the data Lapsus$ obtained was. For example, when they broke into Microsoft, they claimed to have stolen 90% of the source code for the Bing search engine and almost half of the source code for Bing Maps and the Cortana virtual assistant.


Unlike other hacking syndicates, which operate in secret to avoid being caught, the Lapsus$ gang publishes its work openly.

Most ransomware gangs run their own leak websites where they publish corporate data. Lapsus$, meanwhile, relies on Telegram and social media to publicize its achievements. Currently, the Lapsus$ Telegram channel has around 48,000 followers.

"Unlike most groups that are under the radar, Lapsus$ doesn't seem to be covering its tracks," said a Microsoft Threat Intelligence Center researcher in a blog post, as quoted by Gizmodo on Sunday (27/3/2022).


"They even announced their attack on social media or promoted their intention to buy the credentials of the targeted organization's employees," he added.


Their hunger for public attention is what makes Lapsus$ easy to track down. Recently, seven British teenagers aged 16 to 21 were arrested on suspicion of links to the Lapsus$ group.

Not only that, the person suspected of being their leader has also been identified. The suspected boss of Lapsus$ turned out to be a 16-year-old living in Oxford, England. His identity was revealed through doxing by a rival group.
