Uber targeted by Lapsus$, an international group of hackers
During the past year, some of the world’s largest technology companies have been compromised by an international group of hackers, some of whom are teenagers, whose motivations appear to be unusual at times, according to security experts who have investigated the incidents.
Uber Technologies Inc. stated on Monday that it was a target of the Lapsus$ group, which gained access to the company’s internal systems and posted messages to employees, including a graphic image. Some hacking groups use malware or steal data, such as credit card numbers or social security numbers, and then sell it. Others are backed by the government and attempt to extort corporate secrets or conduct espionage.
Lapsus$ is a nebulous team that hides behind anonymous online aliases, but members of the group have left enough digital breadcrumbs for law enforcement and private researchers to identify some of them. According to security researchers and law enforcement officials, the group likely includes members from Brazil and the United Kingdom, with several of them being teenagers. In its short history, it has developed a set of techniques that, while not technically sophisticated, have proven to be devastatingly effective at breaking into some of the world’s largest technology companies.
Many of these threats target the systems that businesses have put in place to function effectively in an era of remote work, such as company help desks and systems used to reset passwords and remotely control corporate networks.
The hacking group, Lapsus$, has targeted firms including Nvidia, Microsoft Corp, and Okta Inc, an authentication services company relied on by thousands of major businesses.
In Uber’s case, the attacker most likely bought a username and password that actually belonged to an Uber contractor on the dark web after it was stolen from the contractor’s computer via malicious programs, the company said in a blog post on the incident on Monday. The hacker then attempted to log into Uber’s networks using these credentials.
Because Uber requires “two-factor authentication” at login, these attempts resulted in messages being sent to the contractor’s phone asking if they were really attempting to log in. This initially stopped the attack, but the hacker did not give up and continued to make the requests. “The contractor eventually accepted one, and the attacker successfully logged in,” Uber stated.
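The pattern Uber describes, a run of rejected or ignored login prompts followed by one acceptance, can be flagged from authentication logs. The following is an added example, not part of the original article and not Uber's code; the log format, account names, window and threshold are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical "timestamp user result" format.
SAMPLE_LOG = """\
2022-01-01T09:00:00 alice approved
2022-01-01T09:10:00 bob denied
2022-01-01T09:12:00 bob approved
2022-01-01T18:01:10 contractor7 denied
2022-01-01T18:02:05 contractor7 timeout
2022-01-01T18:03:40 contractor7 denied
2022-01-01T18:05:12 contractor7 denied
2022-01-01T18:09:30 contractor7 approved
"""

WINDOW = timedelta(minutes=30)   # assumed look-back window
MIN_REJECTED = 3                 # assumed threshold of unanswered/denied prompts


def parse(log):
    """Yield (datetime, user, result) for each non-empty log line."""
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, user, result = line.split()
        yield datetime.fromisoformat(ts), user, result


def find_push_fatigue(log, window=WINDOW, min_rejected=MIN_REJECTED):
    """Return (user, rejected_count, approval_time) for each approval that
    follows at least min_rejected denied or timed-out prompts within window."""
    rejected = defaultdict(deque)   # user -> times of recent rejected prompts
    alerts = []
    for ts, user, result in parse(log):
        recent = rejected[user]
        while recent and ts - recent[0] > window:
            recent.popleft()        # forget prompts older than the window
        if result in ("denied", "timeout"):
            recent.append(ts)
        elif result == "approved":
            if len(recent) >= min_rejected:
                alerts.append((user, len(recent), ts.isoformat()))
            recent.clear()          # a successful login resets the streak
    return alerts


if __name__ == "__main__":
    for user, count, when in find_push_fatigue(SAMPLE_LOG):
        print(f"ALERT {user}: approval at {when} after {count} rejected prompts")
```

An alert of this kind is a reason to contact the account owner and revoke the session; a single mistaken denial followed by an approval, as in the "bob" lines, stays below the threshold.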