LAPSUS$ hacks continue despite two UK hacker suspects in court – Naked Security

The infamous LAPSUS$ gang, whose curious brand of cyberextortion has been linked with intrusions at Microsoft, Samsung, Okta, Nvidia and others, still seems to be on the boil.

According to Microsoft’s own analysis of the gang’s intrusion at Microsoft itself, these hackers use a range of social engineering techniques that go beyond the usual methods of sweet-talking, cajoling or tricking an innocent victim into giving them a foothold inside the network.

LAPSUS$, tagged with the more serial-number-like code DEV-0537 by Microsoft, are also alleged to use outright bribery, offering to pay insiders to provide them with remote access.

Those insiders, of course, don’t have to be direct employees of the intended victim.

In today’s hugely outsourced IT world, breaking into the computer of a contractor or service provider who themselves has access to the target is enough.

In DEV-0537’s break-in at two-factor authentication provider Okta, for instance, the intrusion was apparently orchestrated via a third-party company contracted to do technical support for Okta.

As Okta rather curiously insisted after the attack became public, staff at the support company that got hacked were “unable to access users’ passwords”, although this was rather cold comfort considering that the same staff were “able to facilitate the resetting of passwords and multi-factor authentication factors for users.”

Microsoft’s report on the activities of LAPSUS$ revealed a level of arrogance that would be amusing if the stakes were not so high: the company says it was able to stop one of the gang’s data heists halfway through because LAPSUS$ members openly bragged on Telegram before they’d even finished the job.