Microsoft Security

Microsoft Says Digital Extortion Gang Lapsus$ Targets Cryptocurrency, Too (bloomberg.com) 9

An anonymous reader shares a report: A digital extortion gang with a murky background and unconventional methods -- one researcher called them "laughably bad" at times -- has claimed responsibility for a string of compromises against some of the world's largest technology companies. The group, known as Lapsus$, said in a series of public posts on the messaging app Telegram this week that it had accessed Okta, the San Francisco-based identity-management firm that provides authentication tools for an array of business clients. Okta said Tuesday that attackers may have viewed data from approximately 2.5% of its customers after breaching the laptop of an engineer at a third-party vendor.

Lapsus$ previously claimed to breach organizations including Nvidia, Samsung Electronics, and the gaming company Ubisoft Entertainment. The group said it also accessed data from Microsoft, saying it had gathered source code from the company's Bing search engine, Bing Maps and the Cortana digital assistant. Microsoft said attackers gained "limited access" to its systems, and that attackers had compromised a single account to gather data. In recent years, most hacking groups have used malware to encrypt a victim's files, then demanded payment to unlock them, so-called ransomware. Sometimes the groups steal sensitive data and threaten to make it public unless they are paid. Lapsus$ functions as a "large-scale social engineering and extortion campaign," though it does not deploy ransomware, Microsoft said. The group uses phone-based tactics to target personal email accounts at victim organizations and pays individual employees or business partners of an organization for illicit access, according to Microsoft. Lapsus$ also is known for hijacking individual accounts at cryptocurrency exchanges to drain user holdings.

  • by Gravis Zero ( 934156 ) on Wednesday March 23, 2022 @10:32AM (#62383093)

    The people at big companies that get breached aren't laughing.

    • by GoTeam ( 5042081 )
      Citizens no longer care about data breaches. We accept them. Companies won't care if we don't care. Seems each citizen has a responsibility in their city, state, and country of their residence.
      • Well this is the dumbest hot take I've read on Slashdot in a while.

      • by gweihir ( 88907 )

        Citizens no longer care about data breaches. We accept them. Companies won't care if we don't care. Seems each citizen has a responsibility in their city, state, and country of their residence.

        Pretty much. In particular, regulation and laws will be ineffective and soft on the cretins getting hacked if the citizens do not care.

    • If we accept that the laughably bad label should be applied to them then what does that say about the companies that they've breached so far?
      • by gweihir ( 88907 )

        If we accept that the laughably bad label should be applied to them then what does that say about the companies that they've breached so far?

        The obvious: Many companies have laughably bad IT security. Just think of Equifax, where a publicly visible web-server did not get patched long after it had a known vulnerability. That is not security, that is gross incompetence.

    • by gweihir ( 88907 )

      The people at big companies that get breached aren't laughing.

      Well, if you have laughably bad security, even laughably bad attackers can get in. This is, of course, not a laughing matter.

  • So is Zeroc00l working for MI5 now?
