For several days, we have been hearing a lot about the cyberattack that hit the giant Uber. The American company has published additional information about this computer attack.
According to the latest information relayed by Uber, the cybercriminal behind this computer attack is affiliated with the LAPSUS$ hacking group. Several months ago, the group LAPSUS$ made a lot of noise by being responsible for several major attacks against Okta, NVIDIA, Samsung, etc. In his press releaseUber clarifies: “This group typically uses similar techniques to target tech companies, and in 2022 alone they compromised Microsoft, Cisco, Samsung, NVIDIA, and Okta, among others.“
However, some members of the LAPSUS$ group, aged between 16 and 21, were arrested by the London police shortly after these various attacks. In March 2022 to be precise. Inevitably, this must have put a blow to the activities of the LAPSUS$ group. Nevertheless, the cybercriminal behind this attack against Uber is only 18 years oldand according to Uber, it is affiliated with the LAPSUS$ group: is this the big comeback? What is certain is that this same person is also behind the huge data leak at Rockstar Games last weekend.
Uber also specifies that it would be the compromise of the computer belonging to a partner company of Uber which would be at the origin of this intrusion. Obviously, according to the company Group-IB, two employees located in Brazil and Indonesia were allegedly victims of “information stealing” malware called Raccoon and Vidar. This first step would have made it possible to recover the identifiers, then thanks to the technique of “fatigue MFA“, the attacker would have succeeded in pushing the employee of the partner company to validate the double authentication. Then he was able to access the different environments (Slack, Google Workspace, etc.) by recovering other employee accounts.
Now, Uber performs a number of actions as part of its incident response including locking compromised accounts, resetting passwords, etc. In recent hours, the company Uber has published several job offers to recruit cybersecurity specialists.
#pirate #linked #LAPSUS #group