Uber identifies Lapsus$ hackers as perpetrators of recent hack

By admin On Sep 20, 2022

Spread the love

Uber says the hackers who attacked the company last week were from the Lapsus$ group. Lapsus$ has grown and become more famous in recent months. The attackers spammed a two-factor authentication prompt on an employee until they accepted the request.

Uber gives in an updated blog post Learn more about the major hack the company faced last week. Then it turned out that attackers had gained a lot of internal access to company information. In the update, Uber reiterates what it said earlier: that no user data was stolen. The company also says for the first time that the Lapsus$ hacker group is believed to be behind the attack. Uber relies on the same attack method that the group used earlier.

Lapsus$ is a group of mostly young hackers that has been active since late 2021. The group focuses on large companies and tries to infiltrate them and loot a lot of information as quickly as possible. Lapsus$ does not seem interested in spreading ransomware or taking that information hostage. The group seems somewhat professionally organized, but much less so than most cybercriminal gangs that do send ransomware. The group was previously behind major attacks on Microsoft, among others. At the beginning of this year, the group attacked managed service provider Okta. Security experts then feared that smaller companies that were customers of Okta would be hacked, but that consequences were not forthcoming. Lapsus$ probably hadn’t gathered enough information to wreak havoc.

Uber also provides more information in the update about how the hackers worked. They allegedly bought a remote employee’s credentials online. That employee’s laptop was previously infected with malware, which led to the data being stolen. Logging into the Uber network required two-factor authentication. The hackers kept sending a request until the employee finally accepted it. From there, the attackers could gain access to other employees’ user accounts. They were then able to access the G Suite applications and Slack.