The activists, who go by the name Lapsus$ and allegedly hail from the UK, released images of stolen code from the tech companies on their social media pages.
A new group of hackers called Lapsus$ have been making the rounds recently as they have already successfully completed a number of cyber-attacks on several high-profile firms. What’s different about them, when compared to your average person hidden in a dark room behind the screen of a laptop, is that they specifically target companies within the tech industry.
To throw salt on the wound, they go on to boast about all their “accomplishments”, plastering images of code they’ve stolen from their targets all over their social media profiles. They even go so far as to publish recruitment notices, asking others with the appropriate skills to join their efforts.
But this new group is not to be taken lightly. As mentioned earlier, they’ve already completed a number of successful cyber-attacks on companies like Microsoft, PC graphics processing designer Nvidia and Samsung. In fact, the attack on Nvidia almost made the company adopt a zero-trust policy with all its employees.
Although only one account was compromised during the attack, Microsoft published a lengthy blog post in which they highlighted just how much of a threat this new group, which they call DEV-0537, really is, depicting them in a really ominous light:
“Microsoft Threat Intelligence Centre assesses that the objective of DEV-0537 is to gain elevated access through stolen credentials that enables data theft and destructive attacks against a targeted organisation, often resulting in extortion. Tactics and objectives indicate this is a cybercriminal actor motivated by theft and destruction,” said the blog post.
According to Microsoft, Lapsus$ would gain access to companies’ networks by targeting the people who worked for them, usually going for those on the lower corporate level who would rarely come under suspicion.
“Given that employees typically use these personal accounts or mobile phone numbers as their second-factor authentication or password recovery, the group would often use this access to reset passwords and complete account recovery actions.
“Based on observed activity, this group understands the interconnected nature of identities and trust relationships in modern technology ecosystems and targets telecommunications, technology, IT services and support companies – to leverage their access from one organisation to access the partner or supplier organisations.
“They have also been observed targeting government entities, manufacturing, higher education, energy, retailers, and healthcare.”
On a more positive note, the fact that this new group is said to be rooted in the UK means that it might also be easier for the local authorities to find than if it were located in some other country like China, in which laws regarding cyber security are a lot more complicated.
Certain reports claim that the leader of this organisation is a high-schooler.