Over the last month we have told you several times about the cybercriminal group LAPSUS$: in recent weeks they have been responsible for trying to blackmail NVIDIA, taking down Ubisoft’s servers, and stealing the source code of various Microsoft projects.

With that track record, it was to be expected that law enforcement would make a serious effort to pursue them: a few days after their latest hit, Scotland Yard announced the arrest of 7 young people between the ages of 16 and 21.





The youngest of them, known as ‘White’ and ‘Breachbase’, who according to the BBC is also autistic and a multimillionaire (holding 14 million dollars in Bitcoin), is in fact accused of leading the organization. A disagreement between ‘White’ and his ‘business partners’ reportedly led them to reveal his real identity on internet forums.

All the detainees now face:

“three counts of unauthorized access to computers with the intent to impair the reliability of data; one count of misrepresentation fraud and one count of unauthorized access to a computer with the intent to hinder access to data.”

However, the imprisonment of its leader and 6 other ‘hackers’ does not seem to have made a dent in the activity of LAPSUS$, which has carried on with its cyberattacks as usual, even updating its leak channel on Telegram.

Searchlight Security is another cybersecurity consultancy whose analysts have been closely following LAPSUS$ for a few weeks. They describe them as an “ambitious and seemingly somewhat chaotic, and reckless” group:

“It is not surprising that the group has continued its high-risk hacks even after the London arrests given its likely international membership.” “[…] Some of the currently active LAPSUS$ members are believed to reside in countries with underdeveloped cybersecurity laws, irregular enforcement, and that have not signed international cybercrime conventions.”

As reported by Bloomberg, members of the defunct hacker group ‘Recursion’ have joined LAPSUS$.

New cyberattacks (and new forms of data theft)

Its latest victim was the software developer Globant, to which large Silicon Valley companies outsource work: LAPSUS$ published 70 GB of internal Globant data on Telegram along with a list of passwords, stating that the content revealed the company’s “bad security practices”, as well as the source code of several projects developed for clients such as Apple and Meta.

According to statements by Amir Hadzipasic, CEO of the cybersecurity firm SOS Intelligence, the 70 GB file “contains a series of repositories [with] highly sensitive information (beyond the intellectual property of the source code itself)”.

LAPSUS$ has not merely carried on with the same type of cyberattacks as before, as if nothing had happened; in recent days it has also added new attack methods, such as compromising the email accounts of law enforcement agencies and forging data requests so that they look like legitimate police requests, while in reality the companies that respond to the emails are doing nothing but handing sensitive data directly to the hackers. Apple and Meta have also been victims of this method, along with Discord.

Via | Gizmodo & BBC & Computer Weekly