Lapsus$: meet the new (bad) kids on the block
Who is the cheeky threat group that has allegedly managed to breach Nvidia, Brazil’s health ministry and others?

In late February, US chipmaking giant Nvidia announced it was investigating a potential cyberattack. The following week, a company spokesperson told CNN it was “aware that the threat actor took employee credentials and some Nvidia proprietary information from our systems and has begun leaking it online.”
On Monday this week, Samsung confirmed it was also breached, and that the hackers stole confidential information, including Galaxy smartphone source code. “According to our initial analysis, the breach involves some source codes relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees,” the Korean company said in a statement.
“Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”
Responsibility for both breaches was assumed by the same threat group, which calls itself Lapsus$. According to Bleeping Computer, the hackers have already leaked 1TB of data stolen from Nvidia, and nearly 190GB of data from Samsung. We are still in the early days following the breach, but if indeed the source code was stolen, this could potentially have dire consequences for the company.
At present, not a lot is known about this cheeky group which has just shot to instant notoriety. In fact, it does not even appear on the MITRE ATT&CK directory (yet). The group is thought to be based in Brazil, and was first noticed by security researchers in 2020. In December 2021, Lapsus$ assumed responsibility for hacking the Brazilian Ministry of Health’s website and erasing information from official databases.

In January 2022, Lapsus$ claimed it had hacked websites belonging to Portuguese media conglomerate Impresa, including several newspapers as well as a major broadcaster. A few days later, it assumed responsibility for breaching Brazilian car rental company Localiza and redirecting users to a porn site. In February, an alleged Lapsus$ attack brought down Vodafone Portugal’s mobile, voice and television services.
The group communicates via Telegram and seems to enjoy its new fame/notoriety. On Monday, it published a poll, asking whom they should go after next:
