Members of the LAPSUS$ hacker group had limited access to a Microsoft employee’s account for some time. The American hardware and software company confirms in a blog post that it was the target of the hacker group. The damage was limited because the tech company had been monitoring the group for a long time.
Microsoft writes this in a blog post.
Here’s what you need to know about LAPSUS$
LAPSUS$, also called DEV-0537 by Microsoft, is a hacker group that carries out cyberattacks from South America. The hacker collective initially targeted companies and organizations in the United Kingdom and Latin America. The group has since expanded its scope: in the past few weeks, LAPSUS$ has attacked several government agencies, media companies, telecom companies, and retail and healthcare organizations.
LAPSUS$ does not use ransomware or other malware to carry out an attack. Instead, the group uses compromised credentials or session tokens to gain access to computer systems, servers, and other applications. The affected systems usually work with a Virtual Private Network (VPN), Remote Desktop Protocol (RDP) or Virtual Desktop Infrastructure (VDI) from parties such as Citrix and Azure Active Directory. In some cases, the perpetrators took over an employee’s phone number in order to circumvent two-factor authentication. This is also known as SIM swapping.
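As a defender's view of the two techniques described above, the following added example (not code from Microsoft's blog post) scans sign-in events for a session token used on a device other than the one that authenticated, and for SMS-based two-factor sign-ins from a device the user has never used. The event fields, the per-user device baseline and the finding names are assumptions made for illustration, and the events are constructed.

```python
# Constructed sample data (not real logs); all field names are assumptions.
KNOWN_DEVICES = {"alice": {"laptop-a"}, "bob": {"laptop-b"}}
EVENTS = [
    {"ts": "2022-03-20T08:00:00", "type": "signin", "user": "alice",
     "session": "s-1", "device": "laptop-a", "ip": "198.51.100.10", "mfa": "app"},
    {"ts": "2022-03-20T08:05:00", "type": "token_use", "user": "alice",
     "session": "s-1", "device": "laptop-a", "ip": "198.51.100.10"},
    {"ts": "2022-03-20T09:30:00", "type": "token_use", "user": "alice",
     "session": "s-1", "device": "unknown-1", "ip": "203.0.113.77"},
    {"ts": "2022-03-20T10:00:00", "type": "signin", "user": "bob",
     "session": "s-2", "device": "unknown-2", "ip": "203.0.113.80", "mfa": "sms"},
    {"ts": "2022-03-20T11:00:00", "type": "signin", "user": "bob",
     "session": "s-3", "device": "laptop-b", "ip": "198.51.100.20", "mfa": "sms"},
]


def detect(events, known_devices):
    """Return (timestamp, user, reason, ip) tuples for suspicious events."""
    findings = []
    session_device = {}  # session id -> device that completed the sign-in
    # ISO 8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["ts"]):
        user, device = ev["user"], ev["device"]
        if ev["type"] == "signin":
            session_device[ev["session"]] = device
            # An SMS code accepted on a never-seen device is what a taken-over
            # phone number looks like from the identity provider's side.
            if ev["mfa"] == "sms" and device not in known_devices.get(user, set()):
                findings.append((ev["ts"], user, "sms_mfa_from_new_device", ev["ip"]))
        elif ev["type"] == "token_use":
            bound = session_device.get(ev["session"])
            if bound is None:
                # Token presented with no recorded sign-in behind it.
                findings.append((ev["ts"], user, "token_without_signin", ev["ip"]))
            elif bound != device:
                # Same session token, different device: possible token replay.
                findings.append((ev["ts"], user, "session_token_on_other_device", ev["ip"]))
    return findings


if __name__ == "__main__":
    for finding in detect(EVENTS, KNOWN_DEVICES):
        print(*finding)
```

The comparison binds a session to the device rather than the IP address, because addresses change legitimately on VPN and mobile connections.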
LAPSUS$ makes many victims
NVIDIA is one of the recent victims of LAPSUS$. The attackers managed to get their hands on employee data and other critical business information. Reportedly, it involved 1 TB of data. To prove that they were in possession of sensitive company information, the hacker group published a number of screenshots on a public