Beware of Lapsus$ Ransomware Group Hiring Insiders from Top Technology Giants

LAPSUS$ group has become known to many after they hacked Samsung and Nvidia. Most importantly they published nearly 190 GB of Samsung’s internal data as a torrent file on their telegram channel. 

It was also reported that they hacked the internal network of Nvidia and stole confidential data. Nvidia suspected a ransomware attack but LAPSUS$ group made a different demand. They threatened to release the data of Nvidia to the public if they don’t release the restriction for Nvidia GPU’s for crypto mining. Nvidia refused and the group released the data to the public.

After these two hacks, the group became known to many cyber researchers. Recent poll in their telegram group was conducted on which data to release from three companies. The three companies were Vodafone, Impresa and MercadoLibre and MercadoPago.

After they made several headlines, they are now targeting top tech giants like Microsoft, Apple, EA Games and IBM. The list also included some ISP companies such as Claro, Telefonica and AT&T. The group’s telegram group consisted of a message stating that they are recruiting employees from the above mentioned companies and ISPs.

Lapsus$ Ransomware hiring

It can be understood that they are looking for VPN access and other additional network administration privileges to infiltrate organizations. Though this was conducted by many APT actors previously, LAPSUS$ group is now implementing this method. Another threat is that they are willing to pay the employees for providing such sensitive information.

Christian Lees, CTO of Resecurity Inc, said that, “Such tactics were previously used by some cybercriminal and APT groups covertly – when employees of major corporations received similar proposals via Linkedin and or personal e-mails. Based on our investigation, the group is successful in their activities, and such tactics may generate a new trend in Dark Web for access brokers, especially, in post-pandemic times and increase of geopolitical tensions globally”

After their recent poll on telegram, Vodafone has started their internal investigation to prevent it from being exploited next. It is advised that employees stay loyal to their organizations since a small piece of information might lead to devastating damage to any organization. 

Organizations must take necessary precautions and restrict VPN access to people who don’t need it. A complete internal audit to access of softwares and applications can help to get sufficient information and prevent attacks.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.