A new hacker gang has been stealing code from some of the world’s biggest tech companies and dumping it all over the internet.
The culprit is LAPSUS$, a criminal outfit whose trademark is taking on the biggest, shiniest target it can find, breaching it, then slyly bragging about the conquest. The gang initially seemed like ransomware attackers to researchers, but it doesn’t use encrypting malware, the programs that lock users out of their own systems in ransomware strikes. Instead, LAPSUS$ boosts victims’ data, then threatens to dump it if the price is not paid.
While it’s not totally clear who is involved in the gang, researchers told Bloomberg that one of its main hackers may be a 16-year-old boy living with his mum in England.
As more information comes in about the gang itself, here’s a run-through of the biggest targets LAPSUS$ has hacked so far.
Okta
In what may turn out to be the most impactful hack that the gang has executed, LAPSUS$ breached identity verification firm Okta. The gang recently posted screenshots on its Telegram page that appeared to show it had access to a number of the authentication software company’s systems.
The fact that Okta’s software is used to secure thousands of organisations has obviously inspired substantial security concerns.
Okta has confirmed that it was hacked, and, in a call with reporters on Wednesday, it further admitted that “approximately 2.5%” of its customers, or potentially some 366 companies, had possibly “been impacted” by the attack. What that means for those companies’ data is unknown at this point but, uh…yeah, it’s potentially not good.
Microsoft
After some equivocating, Microsoft has confirmed that it did, indeed, get totally pwned by LAPSUS$.
Over the weekend, the hacker gang leaked what it said was 37 gigabytes of source code from the company — including 90 per cent of the source code for Bing, Microsoft’s second-tier search engine.
On Tuesday, Microsoft published a blog post in which it admitted that LAPSUS$ had gained “limited access” to its systems. If stealing and dumping your source code all over the internet counts as “limited,” then I do concur, good sirs.
Nvidia
Nvidia, the king of graphics cards, recently confirmed that it was the victim of a LAPSUS$ hack. “We are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online,” the company told CNN on March 1.
That proprietary information involved source code for Nvidia’s newest DLSS tech, which vaunts “groundbreaking” AI-powered rendering. It’s probably slightly less groundbreaking now that the whole internet has its code, though.
Ubisoft
Ubisoft, the gaming developer behind Assassin’s Creed, Prince of Persia, and a bunch of other bloodthirsty classics, is among the unlucky few to get its shit rocked by LAPSUS$.
After the hacker group posted news of the hack with a smirking face emoji on its Telegram page, Ubisoft admitted that it had undergone a “cybersecurity incident.” It’s not totally clear how bad the hack was for the company.
Samsung
Samsung, whose smart TVs have allegedly been used as a CIA spying portal in the past, was recently hacked by someone other than the U.S. government: You guessed it, LAPSUS$!
In a post to its Telegram, the gang claimed to have pillaged the Korean electronics company, posting what it said was 190 gigabytes of internal files — including source code for Samsung Knox, the company’s security management framework. Samsung later admitted that it had been hacked.
Vodafone
Vodafone, which is not a company most Americans care about (given that it’s a telecom that mainly services Europe and Asia), is still a giant tech corporation that, like every other company listed in this slideshow, was hacked by our friendly neighbourhood extortion gang LAPSUS$. Vodafone has confirmed that it was hacked but claims no customer data was compromised by the incident.