Episode Description:
In this episode of Intrusions in Depth, Josh Stepp unpacks the audacious rise and chaotic downfall of the Lapsus$ hacking collective. Known for targeting some of the biggest names in technology, including Microsoft, Nvidia, and Rockstar Games, this group rewrote the playbook on cybercrime with tactics as unconventional as their teenage leadership. From SIM-swapping and MFA fatigue attacks to social engineering and public Telegram boasts, Josh examines how Lapsus$ exposed glaring vulnerabilities in global cybersecurity defenses while raising ethical questions about balancing punishment and rehabilitation for young offenders.
Main Topics Discussed:
The Rise of Lapsus$
Lapsus$ emerged in 2021 as a flamboyant hacking group known for bold, public-facing tactics, including defacing websites and leaking sensitive corporate data.
Their attacks included high-profile breaches at companies like Microsoft, Nvidia, Uber, and Rockstar Games.
Methods and Tactics
Lapsus$ favored social engineering over sophisticated exploits, using techniques like SIM-swapping, MFA fatigue, and exploiting support team access to gain entry.
A notable hallmark was their public taunting of victims and recruitment via Telegram.
High-Profile Breaches
Nvidia: Demanded removal of the cryptocurrency mining limiter from GPUs, escalating into a public back-and-forth.
Microsoft: Compromised 37GB of source code for Bing and other internal projects.
Rockstar Games: Leaked early footage of Grand Theft Auto VI, sparking fan outrage and security debates.
The Downfall
Arrests in 2022 and 2023 revealed the group’s youthful composition, with some members as young as 16.
The sentencing of leader Arion Kurtaj to indefinite detention highlighted the intersection of cybercrime and mental health issues.
Lessons for Cybersecurity
Reflections on how Lapsus$ forced global organizations to rethink their reliance on MFA and social engineering defenses.
Call to Action:
Subscribe to the podcast for more episodes on high-profile cyber intrusions.
Visit our website at intrusionsindepth.com for additional stories and insights.
Share your thoughts on social media using #IntrusionsInDepth.
Links and Resources:
https://www.bbc.com/news/technology-66549159
https://www.cisa.gov/sites/default/files/2023-08/CSRB_Lapsus%24_508c.pdf
https://www.reuters.com/world/americas/bolsonaro-dismisses-vaccination-requirement-entry-into-brazil-2021-12-07/
https://www.reuters.com/technology/brazils-health-ministry-website-hit-by-hacker-attack-systems-down-2021-12-10/
https://www.zdnet.com/article/brazilian-ministry-of-health-suffers-cyberattack-and-covid-19-vaccination-data-vanishes/
https://www.microsoft.com/en-us/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/
https://blog.checkpoint.com/security/lapsus-ransomware-gang-uses-stolen-source-code-to-disguise-malware-files-as-trustworthy-check-point-customers-remain-protected/
https://malpedia.caad.fkie.fraunhofer.de/actor/lapsus
https://www.aha.org/system/files/media/file/2022/04/hc3-tlp-white-threat-briefing-lapsus%24-okta-and-the-health-sector-4-7-22.pdf
https://techcommunity.microsoft.com/discussions/securityandcompliance/new-blog-post--dev-0537-criminal-actor-targeting-organizations-for-data-exfiltra/3264957
https://en.wikipedia.org/wiki/Samy_Kamkar
https://krebsonsecurity.com/2022/04/the-original-apt-advanced-persistent-teenagers/
https://unit42.paloaltonetworks.com/lapsus-group/
https://x.com/vxunderground/status/1506114493067186183/photo/4
https://www.darkreading.com/cyberattacks-data-breaches/ransomware-group-s-claim-that-it-hacked-okta-prompts-concerns-of-another-solarwinds
https://www.law.cornell.edu/wex/chevron_deference
https://www.zscaler.com/blogs/product-insights/what-you-need-know-about-lapsus-supply-chain-attacks
https://www.uber.com/newsroom/security-update
https://blog.avast.com/nvidia-allegedly-hacks-back-avast
https://www.crn.com/news/security/nvidia-hacks-ransomware-gang-back-to-block-data-leaks-group-claims?
https://www.spiceworks.com/it-security/data-security/news/nvidia-data-breach-lapsus/
https://www.threatdown.com/blog/nvidia-the-ransomware-breach-with-some-plot-twists/
https://www.wired.com/story/lapsus-hacking-group-extortion-nvidia-samsung/
https://www.optimumsr.co.uk/anniversary-of-the-lapsus-hack-on-rockstar-what-have-we-learned/
https://www.bleepingcomputer.com/news/security/e-commerce-giant-mercado-libre-confirms-source-code-data-breach/
https://www.bleepingcomputer.com/news/security/samsung-confirms-hackers-stole-galaxy-devices-source-code/
https://www.bleepingcomputer.com/news/security/nvidia-data-breach-exposed-credentials-of-over-71-000-employees/
https://www.bleepingcomputer.com/news/security/lapsus-hacker-behind-gta-6-leak-gets-indefinite-hospital-sentence/
https://therecord.media/rockstar-confirms-cyberattack-leak-of-confidential-data-including-gta-6-footage
https://therecord.media/british-prosecutors-accuse-teen-lapsus-member-of-uber-revolut-rockstar-hacks
https://flashpoint.io/blog/lapsus/
https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-they-were-hacked-by-lapsus-extortion-group/
https://x.com/davidmarcus/status/1862867849988944361
https://www.businessinsider.com/meta-libra-crypto-project-regulators-david-marcus-2024-12
https://archive.is/xGIdu
https://www.sophos.com/en-us/content/pacific-rim
https://www.brennancenter.org/our-work/analysis-opinion/house-passes-section-702-reauthorization-bill-without-protections-against
Credits:
Host: Josh Stepp
Produced by: Josh Stepp
Thank you for tuning in to Intrusions in Depth. Stay informed, stay safe, and see you in the next episode!