FBI adds LAPSUS$ data extortion gang to its “Most Wanted” list • Graham Cluley

The FBI is calling on members of the public to help it uncover members of an increasingly-notorious cybercrime gang.

The LAPSUS $ group, which is thought to consist largely of computer-savvy teenagers, has been behind a wave of attacks that have gained unauthorized access to large tech firms and leaked their data.

Corporate victims have included MicrosoftNVIDIA, Ubisoft, SamsungGlobant, and Okta.

Sign up to our newsletter
Security news, advice, and tips.

Members of the gang have been posting on a publicly-accessible Telegram chat room, bragging about their unauthorized access to the systems of organizations, and then posting links to the data they have stolen.

The most recent victim is international IT and software development firm Globant, which acknowledged it had suffered a security breach after LAPSUS $ first shared the news to its followers.

LAPSUS $ has since shared a link to 73GB of data stolen from Globant, containing customer source code and private keys related to projects for corporate clients.

In its notice the FBI says it is seeking information regarding the identities of the individuals responsible for the breaches, but has not yet offered a monetary reward.

It will be interesting to see whether the FBI or other law enforcement agencies do choose to offer a bounty for information leading to the identification and apprehension of members of LAPSUS $, or whether the group will simply unravel due to its own gobbiness.

If you do have any information, you are invited to contact your local FBI office, or the nearest American Embassy or Consulate.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluleyor drop him an email.

Source

The FBI is calling on members of the public to help it uncover members of an increasingly-notorious cybercrime gang.

The LAPSUS $ group, which is thought to consist largely of computer-savvy teenagers, has been behind a wave of attacks that have gained unauthorized access to large tech firms and leaked their data.

Corporate victims have included MicrosoftNVIDIA, Ubisoft, SamsungGlobant, and Okta.

Sign up to our newsletter
Security news, advice, and tips.

Members of the gang have been posting on a publicly-accessible Telegram chat room, bragging about their unauthorized access to the systems of organizations, and then posting links to the data they have stolen.

The most recent victim is international IT and software development firm Globant, which acknowledged it had suffered a security breach after LAPSUS $ first shared the news to its followers.

LAPSUS $ has since shared a link to 73GB of data stolen from Globant, containing customer source code and private keys related to projects for corporate clients.

In its notice the FBI says it is seeking information regarding the identities of the individuals responsible for the breaches, but has not yet offered a monetary reward.

It will be interesting to see whether the FBI or other law enforcement agencies do choose to offer a bounty for information leading to the identification and apprehension of members of LAPSUS $, or whether the group will simply unravel due to its own gobbiness.

If you do have any information, you are invited to contact your local FBI office, or the nearest American Embassy or Consulate.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluleyor drop him an email.

Source

More from author

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Related posts

Advertismentspot_img

Latest posts

The MOVEit Zero-Day Vulnerability: How to Respond

The zero-day vulnerability in Progress Software's MOVEit Transfer product is being exploited by the Clop ransomware gang and other copycat cybercriminal groups to expedite...

Ivanti zero-day exploited to target Norwegian government (CVE-2023-35078)

A zero-day vulnerability (CVE-2023-35078) affecting Ivanti Endpoint Manager Mobile (EPMM) has been exploited to carry out...

Apple fixed new actively exploited CVE-2023-38606 zero-daySecurity Affairs

Apple released security updates to address an actively exploited zero-day flaw in iOS, iPadOS, macOS, tvOS, watchOS, and Safari. Apple released urgent security updates to...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!