Teenagers Leveraging Insider Threats: Lapsus$ Hacker Group

Of all the threatening hacker groups out there, one of the most notorious is the Lapsus$ gang. While we covered APT10, APT28, and Turla in prior articles, Lapsus$ presents some of the most significant threats on the cyber landscape. In this post, the fifth in our Hacker Series, we’ll look at Lapsus$, important highlights about the group, and all we can do about their presence on the threat scene.

Who is Lapsus$?

Lapsus$ is a hacker group that has been active since at least 2019, and whose mastermind is rumored to be a 16-year-old teenager from Oxford, England. The group is believed to be highly organized and well-funded, with members from various countries around the world.

Lapsus$ is known for their high-profile cyberattacks on government and corporate targets, as well as their use of sophisticated malware and encryption techniques.

By leveraging insiders through social engineering or bribery, the Lapsus$ group has a proven track record of successful attacks on high-profile targets which have resulted in significant financial losses and raised concerns about national security. In March 2022, Lapsus$ became well known for a series of daring cyberattacks against tech company darlings including Microsoft, Nvidia, and Samsung.

The group’s motivations and goals are not entirely clear, but they have been known to demand large sums of money in exchange for not releasing stolen information. They are also thought to have political motivations, as some of their attacks have targeted government agencies.

Notorious Attacks and Methods

One of Lapsus$’ most notable socially engineered attacks was on the U.S. Department of Defense in 2020. During this attack they were able to gain access to sensitive information, and caused significant disruption to the agency’s operations. The group has also targeted several major banks, stealing millions of dollars in the process.

Another notable attack attributed to Lapsus$ occurred in 2020 and was targeted at a major healthcare provider. During this attack, the group was able to access and steal the sensitive personal information of millions of patients. This attack not only resulted in financial losses for the healthcare provider, but also raised serious concerns about the protection of personal data and privacy.

Lapsus$ has also been known to target the energy sector, and oil and gas companies in particular, causing significant disruption to their operations. In one instance the group was able to gain control over the control systems of a major oil refinery, causing a shutdown in their operations and a significant loss of revenue.

They are known to use social engineering attacks using the communication app Telegram, and advanced malware, such as ransomware and trojans, to gain access to and control over their victims’ networks. In addition to their socially engineered cyberattacks, Lapsus$ is also known for their use of encryption and other techniques to hide their tracks and evade detection. While the U.K. arrested a band of seven teenagers affiliated with Lapsus$, the majority of their operatives have been able to successfully evade law enforcement’s efforts to track them down.

The Hunt for Lapsus$

Despite their high-profile attacks and the efforts of law enforcement and cybersecurity experts, Lapsus$ continues to be active and poses a significant threat to governments and corporations worldwide. The group’s use of advanced malware and encryption techniques has made them difficult to track and apprehend, and law enforcement agencies have had limited success in identifying and arresting members of the group. There have been a few reported arrests of individuals believed to be associated with Lapsus$, but it is unclear if these arrests have had any impact on the group’s operations as they re-emerged shortly after.

What You Can Do About Lapsus$

Given the group’s ability to leverage insiders, it’s important for organizations and individuals to be aware of the potential threat they pose. Organizations need to stay connected to the cybersecurity community, and take the necessary steps to protect themselves from a threat that even industry juggernauts like Microsoft and Nvidia fell victim to. This includes measures such as regularly updating software and systems, backing up important data, and staying vigilant for suspicious activity on their networks. An approach built on all-around monitoring and anomaly detection can help minimize the risk posed by Lapsus$’s advanced threats, insider actions, and malicious attacks.
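To make "monitoring and anomaly detection" concrete, the following is an added example (not from the original article, and not any vendor's product logic). It builds a per-user baseline from historical access-log lines and then flags review-window events that deviate from it: a source country never seen for that user, activity outside the user's usual working hours, and a day with far more sensitive-resource accesses than that user's norm. These are the kinds of signals an insider-enabled account abuse tends to leave behind. All log lines, user names, resource names and thresholds below are constructed for illustration.

```python
"""Baseline-driven anomaly detection over constructed access-log lines.

Added example, not from the original article. Every log line, user,
resource and threshold here is constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed historical logs used to learn each user's normal behaviour.
# Format: "timestamp,user,src_country,resource,sensitive(0/1)"
BASELINE_LOG = """\
2022-02-01T09:12:00,alice,GB,wiki/onboarding,0
2022-02-01T10:05:00,alice,GB,repo/frontend,0
2022-02-01T14:30:00,alice,GB,hr/payroll,1
2022-02-02T09:40:00,alice,GB,repo/frontend,0
2022-02-02T11:15:00,alice,GB,hr/payroll,1
2022-02-03T09:05:00,alice,GB,wiki/onboarding,0
2022-02-03T15:20:00,alice,GB,hr/payroll,1
2022-02-01T08:55:00,bob,US,repo/backend,0
2022-02-02T09:10:00,bob,US,repo/backend,0
2022-02-03T13:45:00,bob,US,repo/backend,0
"""

# Constructed review-window logs: alice's account is suddenly used at 2 AM,
# from a new country, to pull several sensitive resources in a few minutes.
REVIEW_LOG = """\
2022-03-01T10:00:00,alice,GB,repo/frontend,0
2022-03-01T02:17:00,alice,BR,secrets/prod-keys,1
2022-03-01T02:19:00,alice,BR,secrets/signing-cert,1
2022-03-01T02:21:00,alice,BR,source/core,1
2022-03-01T02:24:00,alice,BR,source/build-scripts,1
2022-03-01T02:26:00,alice,BR,hr/payroll,1
2022-03-01T09:30:00,bob,US,repo/backend,0
"""


def parse_log(text):
    """Parse the constructed CSV-style lines into event dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, user, country, resource, sensitive = line.split(",")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "country": country,
            "resource": resource,
            "sensitive": sensitive == "1",
        })
    return events


def build_baseline(events):
    """Per-user profile: countries seen, working-hour window, and the
    mean/stddev of sensitive-resource accesses per active day."""
    per_user = defaultdict(list)
    for e in events:
        per_user[e["user"]].append(e)
    baseline = {}
    for user, evs in per_user.items():
        hours = [e["ts"].hour for e in evs]
        per_day = defaultdict(int)
        for e in evs:
            per_day[e["ts"].date()] += int(e["sensitive"])
        counts = list(per_day.values())
        baseline[user] = {
            "countries": {e["country"] for e in evs},
            "hour_min": min(hours),
            "hour_max": max(hours),
            "sens_mean": mean(counts),
            "sens_std": pstdev(counts),
        }
    return baseline


def detect_anomalies(baseline_text, review_text):
    """Score review-window events against the baseline.

    Returns a de-duplicated, ordered list of (user, reason, detail) alerts.
    """
    baseline = build_baseline(parse_log(baseline_text))
    review = parse_log(review_text)
    alerts, seen = [], set()

    def add(user, reason, detail):
        key = (user, reason, detail)
        if key not in seen:  # collapse repeated evidence into one alert
            seen.add(key)
            alerts.append(key)

    # Per-event checks: unseen source country, activity outside the
    # user's observed working window (with one hour of slack each side).
    for e in review:
        prof = baseline.get(e["user"])
        if prof is None:
            add(e["user"], "unknown_user", e["resource"])
            continue
        if e["country"] not in prof["countries"]:
            add(e["user"], "new_country", e["country"])
        if not (prof["hour_min"] - 1 <= e["ts"].hour <= prof["hour_max"] + 1):
            add(e["user"], "off_hours", f"{e['ts'].date()} {e['ts'].hour:02d}:00")

    # Per-day check: sensitive-access volume well above the user's norm.
    # Threshold is mean + 3 sigma, with a floor of +1 so a perfectly flat
    # baseline (stddev 0) still needs a real jump before alerting.
    per_day = defaultdict(int)
    for e in review:
        if e["sensitive"]:
            per_day[(e["user"], e["ts"].date())] += 1
    for (user, day), count in per_day.items():
        prof = baseline.get(user)
        if prof is None:
            continue
        threshold = prof["sens_mean"] + max(3 * prof["sens_std"], 1.0)
        if count > threshold:
            add(user, "sensitive_volume",
                f"{day}: {count} accesses (threshold {threshold:.1f})")
    return alerts


if __name__ == "__main__":
    for user, reason, detail in detect_anomalies(BASELINE_LOG, REVIEW_LOG):
        print(f"{user:6s} {reason:17s} {detail}")
```

Run as-is it reports three alerts, all for `alice` (new country, off-hours activity, and a spike in sensitive-resource access), and nothing for `bob`, whose review activity matches his baseline. In a real deployment the baseline would come from weeks of identity-provider and application logs rather than a handful of constructed lines, and each reason would map to a ticket or a step-up verification rather than a print, but the shape (learn per-account normal, alert on deviation, correlate several weak signals on one account) is the point the article's recommendation is making.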

Overall, the Lapsus$ group continues to be a serious threat to governments, corporations, and individuals. Their ability to evade law enforcement and carry out high-profile attacks highlights the need for continued efforts to improve cybersecurity and bring these cybercriminals to justice.

This article was originally published in Forbes. Please follow me on LinkedIn.