Uber Says Hacker Group Lapsus$ is Behind a Cybersecurity Incident
Uber is reporting that a hacker group called Lapsus$ is behind a cybersecurity incident that occurred earlier this year. According to the company, the hacker group gained elevated access to internal tools and downloaded internal Slack messages. In addition, the hackers reconfigured OpenDNS to display a graphic image. However, there was no evidence that sensitive user data was compromised. The company is working with the US Department of Justice and FBI to investigate the matter.
Hacker obtained elevated permissions to internal tools
Uber confirmed yesterday that a hacker group connected to the notorious extortion group Lapsus$ obtained elevated permissions to internal tools and email systems. The hacker group is believed to have obtained these credentials from compromised contractor accounts. Uber is now collaborating with the FBI, the Department of Justice, and leading digital forensics firms to investigate the incident. The group is believed to be involved in a series of other attacks against large companies. It also gained access to an internal Slack account and a dashboard for the vulnerability reporting platform HackerOne.
The hacker group Lapsus$ has a record of successful attacks on large technology companies, including Microsoft, Cisco, Samsung, and Nvidia. The group has also been linked to several other high-profile hacks and was previously arrested by London police.
Hacker downloaded internal Slack messages
Last week, Uber disclosed that it had been the victim of a cybersecurity attack by a hacker group known as Lapsus$. This group is notorious for stealing data and extorting money from companies. Its previous victims have included Microsoft, Nvidia, and Rockstar Games. Last week, Uber publicly announced that it had taken steps to prevent its users from being victims of similar attacks. The company has double protected its network and changed employee access to internal tools.
The hackers gained access to some Uber employee accounts, which included G-Suite and Slack. However, Uber says there is no evidence that the attackers were able to access sensitive user data. The company is working with the US Department of Justice and the FBI to investigate the cyberattack.
Hacker reconfigured OpenDNS to display graphic image
The hacker gained access to several employee accounts, including G-Suite and Slack, and reconfigured OpenDNS to display a graphic image on employees’ browsers. After identifying the attack, Uber blocked access to its internal network and disabled access to the affected tools. It also secured its code database and implemented additional monitoring of its internal environment.
According to The New York Times, the attacker gained access to Uber’s systems through social engineering. After posting a message to a company-wide Slack channel, the attacker tricked an employee into divulging credentials. The hackers, who called themselves Lapsus$, used credentials obtained from a third-party vendor. The hacker’s credentials were probably purchased on the Dark Web after a contractor’s personal device was infected by malware.
Hacker obtained password of Uber employee
A hacker group known as Lapsus$ is believed to have been behind the breach at Uber. The group, composed of teenage hackers, was exposed earlier this year and has been threatening several technology companies. Uber claims it is working with the FBI and the US Justice Department to identify the hacker group and take action against them. In the meantime, the company has confirmed that the hackers downloaded internal Slack messages and information from a finance team tool. The company is currently analyzing these downloads.
The hacker group obtained the credentials to an Uber contractor’s account by installing malware on the contractor’s personal device. This malware enabled the hacker to bypass two-factor authentication. He then bombarded the contractor with a series of requests for login details. Once he had the credentials, he could access several other employee accounts. He also had security permissions to access the G-Suite and Slack systems. This meant that he could access sensitive financial data.