Understanding Teen Hackers: DHS to investigate attack by LAPSUS$ gang
To strengthen the nation’s cyber security, the Department of Homeland Security will investigate the hacking techniques of cybercriminal gang LAPSUS$ to find ways companies can protect themselves against similar threats.
The review means US officials will investigate a suspected group of teenage hackers. Still, LAPSUS$ was able to breach a number of high-profile companies earlier this year, including Nvidia, Microsoft, Samsung, and most recently Uber and possibly Rockstar Games.
DHS is launching the investigation through its Cyber Safety Review Board, which was launched in February. The board’s goal has been to “thoroughly assess past events, ask the hard questions and drive improvements across the private and public sectors.”
The board’s first project was to investigate last year’s widespread Apache Log4j 2 vulnerability, which government-sponsored hackers were quick to exploit. The review resulted in 19 recommendations for government and industry, including greater investment in open source software security.
The Cyber Safety Review Board selected LAPSUS$ as its next project, saying the group was able to “bypass a number of commonly used security controls and has successfully infiltrated a number of companies across industries and geographies.”
In addition, the LAPSUS$ gang often resorts to online extortion. For example, when the group hacked Nvidia, members began threatening to sell the company’s stolen information unless Nvidia paid up in cryptocurrency. Numerous ransom gangs have used the same tactics over the years to pressure victims into giving in to their demands.
The other reason DHS is conducting the review may be that police have already arrested two suspected members of the group, one in Brazil and one in the UK. Since the arrests, the gang has also been quiet.
Therefore, American investigators may already have greater insight into the gang’s tactics and motives. The Cyber Safety Review Board said it plans to develop “recommendations” that companies can take to protect themselves against similar attacks.
Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency, noted that the LAPSUS$ gang has also infiltrated IT systems of healthcare and government organizations. “The range of victims and the variety of tactics used require us to understand how LAPSUS$ actors carried out their malicious cyber activities so we can reduce the risk to potential future victims,” she said in a statement.