[MART] - Daily Diary #464 - Lapsus$ Group Is On A Rampage

CTAS-MAT ctas-mat at appgate.com
Mon Mar 7 22:02:11 UTC 2022


I hope everyone is doing well!

Below is the entry for today.

03/07/2022 - Diary entry #464:

Lapsus$ is a new threat actor group that first appeared in May 2021. They claimed responsibility for obtaining 780 gigabytes of data during attacks against the game giant Electronic Arts. The attack was confirmed in June, but no attribution was made to the group. Later, they claimed more attacks, targeting Brazilian governmental agencies such as the Ministry of Health and the Federal Police, taking down their websites and wiping vaccination data.

Next, they targeted Portuguese organizations, such as the Parliament's website and Impresa, a news conglomerate. More recently, they attacked NVIDIA, leaking 20 GB of data containing hardware schematics, firmware, drivers, 71,335 NVIDIA employees' emails, NTLM password hashes, and more. Some of the stolen digital certificates have already been detected in use in the wild.

Finally, their latest alleged victim is Samsung Electronics, which confirmed the breach today, saying that "the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees". The Lapsus$ group posted a torrent file containing 190 GB of Samsung's sensitive data, which, if confirmed, can represent a major data breach, since details of many of its technologies are now publicly available.

Lapsus$ is not a common group like others involved in data breaches. Their TTPs (Tactics, Techniques, and Procedures) are not yet known. They use a public Telegram group to publish their attacks and ask the participants which company should be their next victim. They have stated that they are financially motivated, but it's not clear how they carry out their attacks.

Kind Regards,



Felipe Tarijon de Almeida
Malware Analyst

E: felipe.tarijon at appgate.com
C: +55 11 97467 9549
