LAPSUS$ [1] [2] [3] [4] [5] [7] [8] [9] [10], also known as Slippy Spider [4] [8], is a transnational cybercriminal gang that targeted major tech companies in the U.K. and Silicon Valley between 2021 and 2022. This group [5] [7] [10], consisting of two U.K. teenagers [1] [3] [4] [5] [6] [8] [9], Arion Kurtaj and an unnamed minor [4] [8], orchestrated high-profile hacks against companies like BT, EE [1] [4] [5] [8], Microsoft [1] [2] [4] [5] [8] [10], Samsung [1] [2] [4] [5] [8], Nvidia [2], Ubisoft [1] [2], and Okta [2] [10], resulting in significant financial damages. They gained unauthorized access to corporate networks using techniques such as SIM swapping and prompt bombing attacks. In addition to tech companies, they also targeted telecommunications providers and offered large sums of money for access. LAPSUS$ gained notoriety for their effective social engineering tactics and their use of a public Telegram channel to discuss their operations and extort their targets [5].
Description
The trial of LAPSUS$ shed light on their motivations [7], which include notoriety [7], money [1] [5] [7], and amusement [7]. The exact amount of money the group made remains unclear, as none of the targeted companies have admitted to paying them [7]. Despite some security researchers considering the gang as amateur hackers, their relentless attacks have made them infamous in the cybercriminal world. The defendants [1] [4] [5] [8], initially arrested and released under investigation [1] [4] [5] [8], were later re-arrested and charged by the City of London Police [1] [5]. Even after being doxxed and moving to a hotel [1] [5], Kurtaj continued his hacking spree [1] [4] [5] [8]. The police have been unable to access the crypto accounts associated with the group [7]. Currently [9], the teenagers are in custody and awaiting sentencing.
Recently, Arion Kurtaj [1] [4] [5] [6] [8], an 18-year-old member of the LAPSUS$ gang [6], was convicted by a London jury for hacking multiple high-profile companies, including Uber [1] [5] [6] [10], Revolut [5] [6], and Rockstar Games [5] [6]. This conviction highlights the growing threat of transnational gangs in the cybercrime landscape [6]. The gang used SIM swapping and prompt bombing attacks to gain unauthorized access to corporate networks and offered large sums of money for access to telecommunications providers [1] [5]. They also employed various methods to gain initial access and escalate privileges within the networks [1]. The targeted firms included BT [1], EE [1] [4] [5] [8], Globant [1], LG [1], Microsoft [1] [2] [4] [5] [8] [10], NVIDIA [1], Okta [1] [2] [10], Samsung [1] [2] [4] [5] [8], Ubisoft [1] [2], and Vodafone [1]. The teenagers are currently awaiting sentencing [4] [8].
Conclusion
The actions of LAPSUS$ have had significant impacts, causing financial damages to major tech companies and telecommunications providers. The trial and conviction of Arion Kurtaj serve as a warning about the increasing threat posed by transnational cybercriminal gangs. It is crucial for organizations to strengthen their security measures and stay vigilant against social engineering tactics and advanced hacking techniques. The inability of law enforcement to access the crypto accounts associated with the group highlights the challenges in combating cybercrime. As technology continues to advance, it is essential for authorities and businesses to collaborate and develop effective strategies to mitigate the risks posed by cybercriminals.
References
[1] https://www.443news.com/2023/08/two-lapsus-hackers-convicted-in-london-court-for-high-profile-tech-firm-hacks/
[2] https://digg.com/gizmodo/link/who-is-lapsus-the-big-bad-cybercrime-gang-hacking-tech-s-biggest-companies-IFIgwAhNBt
[3] https://www.cyberevive.com/2023/08/25/two-lapsus-hackers-convicted-in-london-court-for-high-profile-tech-firm-hacks/
[4] https://thehackernews.com/2023/08/two-lapsus-hackers-convicted-in-london.html
[5] https://thecyberpost.com/news/hackers/attacks/two-lapsus-hackers-convicted-in-london-court-for-high-profile-tech-firm-hacks/
[6] https://allinfosecnews.com/item/lapsus-member-has-been-convicted-of-having-hacked-multiple-high-profile-companies-2023-08-24/
[7] https://gulfnews.com/technology/lapsus-how-two-british-teen-hackers-targeted-nvidia-grand-theft-auto-and-uber-1.1692957651891
[8] https://mrhacker.co/data-breach/two-lapsus-hackers-convicted-in-london-court-for-high-profile-tech-firm-hacks
[9] https://gizmodo.com/lapsus-alleged-members-are-in-jail-but-the-gang-hacke-1848727403
[10] https://www.techtimes.com/articles/273535/20220326/lapsus-hacking-group-targeted-massive-tech-companies-who.htm
