Lapsus$ Gang Climbing up the Success Ladder with More Victims

The Lapsus$ Gang is climbing up the success ladder with more victims, including Nvidia, Samsung, and Argentine online marketplace operator Mercado Libre. The gang, believed to be based in Brazil, came to light with its attack on the country’s Ministry of Health and on Portuguese media outlets SIC Noticias and Expresso.

The attacks have followed one after the other, especially after the gang ransacked Nvidia, taking a terabyte of data along with proprietary information and employee credentials and dumping some of the data online. They also demanded that the GPU manufacturer remove limits on crypto-coin mining from its graphics cards and open-source its drivers.

The gang has upped the ante following the cyberattack on Samsung. They were hoping to gather secrets of its TrustZone secure environment, eventually only managing to lay hands on 200GB of data, which contained its biometric technologies, source code for bootloaders, activation servers, and authentication for Samsung accounts, and source code given to chip-designing partner Qualcomm.

Ubisoft, the game developer behind Assassin’s Creed, Prince of Persia and Watch Dogs, said after it was compromised by the Lapsus$ Gang that it “experienced a cyber security incident that caused temporary disruption to some of our games, systems, and services. Our IT teams are working with leading external experts to investigate the issue.”

The development house added that all of its games and services were operating as normal despite the attack. The online criminals have reportedly claimed the disruption was their work.

Lapsus$ Gang is Growing Fast
The recent attacks carried out by the Lapsus$ Gang show a sharp upward movement in the size of Lapsus$’s targets.

According to cybersecurity experts, the group is still raw and is testing its capabilities with a range of attack methods. These range from data extortion to ransomware, and the group is perhaps also taking advantage of the ongoing Russia-Ukraine war to distract and divert malware pushers and cybersecurity vendors alike.

Tyler Croak, principal strategist at cybersecurity vendor Lookout, told The Register, “Based on their public behavior and communication observed from the group, it is believed that they are a completely new group and not simply a rebranded threat group.”

He further said, “While the group seems to be mostly financially motivated, there are signs of additional motivations. For example, their early attacks had a heavier focus on data extortion and payment, but in their Nvidia attack, we saw a demand for the organization to make their IP open source. This strays into hacktivist territory.”

Croak added that it “shows that the group is not entirely aligned and is still maturing, but they are showing signs of evolving into a formidable threat group. They are beginning to take advantage of multiple avenues to try to infiltrate and persist within an organization.”

Richard Fleeman, vice president at security advisory services provider Coalfire, said, “We have a group here that is flexing their muscles to build ‘street cred,’ has been profitable with ransoms, and seem to be untouchable at the moment.”
