Nvidia, Samsung and Microsoft: who is Lapsus$, the group of hackers who are shaking the tech giants


A group of hackers is on a rampage of unorthodox cyberattacks. They hack large companies such as Nvidia, Samsung and Microsoft. They have their community vote on which data to publish. They demand money, but from time to time they make very specific requests.


At the beginning of March, Nvidia explained that it had suffered a major cyberattack. 1 TB of data was stolen, including a significant amount of sensitive information about Nvidia graphics card designs, source code for a DLSS system, and the usernames and passwords of more than 71,000 Nvidia employees. Then it was Samsung’s turn. We are talking here about 190 GB of data, including the source code of the bootloader and the biometric authentication algorithms of the Galaxy smartphone range. A few days later, Ubisoft joined the list.

Now it is Microsoft that has paid the price. Behind these cyberattacks: a group of hackers known as Lapsus$.

Lapsus$ allegedly stole 250 projects from Microsoft

Each time, the modus operandi is the same: in exchange for not disclosing the stolen data, Lapsus$ demands money or specific concessions. From Nvidia, for example, they demanded that the American company deactivate the systems that restrict its graphics cards by limiting their performance for cryptocurrency mining. They also demanded that Nvidia make its drivers open source.

In Microsoft's case, Lapsus$ claims to have stolen not only the source code of the Bing browser, but also that of its mapping system and the Cortana assistant. We are talking here about 90% of the code of Bing Maps and 45% of the code of Cortana and Bing.

The hacker group first posted a screenshot of the files last weekend, then shared a 7-zip archive containing all the files. The compressed archive is only 9 GB, but once extracted it amounts to 37 GB of source code for over 250 Microsoft projects. Microsoft has not yet confirmed whether the leak contains sensitive data for Bing and other services, but the US company confirmed that it has launched an investigation into the allegations. The Redmond firm is not the only company currently targeted; LG and Okta have also been affected.

Who is behind Lapsus$?

Lapsus$ is a newcomer. Its first cyberattack campaigns targeted Brazilian and Portuguese organizations at the end of 2021, starting with the Brazilian Ministry of Health, the media group Impresa and the South American operators Claro and Embratel. The group claims to be motivated only by money; however, its goals seem broader. It has widened its ambitions by attacking large international companies. Lapsus$ seems to be a collective, rather than a disciplined group, based in South America with some members in Europe and Asia.

The Lapsus$ group has many particularities. First of all, although it sometimes deploys ransomware as part of its attacks, it does not do so systematically: sometimes it just steals data from its victim and threatens to sell or disclose it if no financial “agreement” is found. To initiate its cyberattacks, Lapsus$ essentially targets companies' internal employees, trying to break into their access systems. It is also possible that they are using Okta, an identity management platform that Lapsus$ claims to have hacked.

What makes Lapsus$ unique among groups of hackers is their use of Telegram to establish a social media presence and give themselves a public voice. The group seems to seek notoriety through these various cyberattacks. Instead of carrying out ransomware attacks, Lapsus$ threatens to release the stolen information unless it is paid. There does not seem to be any political motivation, unlike with the group Anonymous.

In the meantime, the question is who will be the next company in Lapsus$’s sights?

