“Dump of LG’s infrastructure confluence will be released soon,” the Telegram post said. “Might be a good idea to consider a new CSIRT team!”
Lapsus$ has also targeted such companies as Samsung (SSNLF) and Nvidia (NVDA).
‘Pure Extortion’

“Unlike most activity groups that stay under the radar, DEV-0537 doesn’t seem to cover its tracks,” Microsoft said. “They go as far as announcing their attacks on social media or advertising their intent to buy credentials from employees of target organizations.”
The group, the post said, “is known for using a pure extortion and destruction model without deploying ransomware payloads.”
“DEV-0537 is also known to take over individual user accounts at cryptocurrency exchanges to drain cryptocurrency holdings,” Microsoft said.
Lapsus$ started targeting organizations in the United Kingdom and South America, Microsoft said, but expanded to global targets, including organizations in government, technology, telecom, media, retail, and healthcare sectors.
Last December, Brazil’s health ministry said its website was hacked by the group, and Impresa, Portugal’s largest media conglomerate, said in early January that the websites of its Expresso newspaper and SIC TV station had been hit.
Their tactics, Microsoft said, “include phone-based social engineering; SIM-swapping to facilitate account takeover; accessing personal email accounts of employees at target organizations; paying employees, suppliers, or business partners of target organizations for access to credentials and multifactor authentication (MFA) approval; and intruding in the ongoing crisis-communication calls of their targets.”
“The actors behind DEV-0537 focused their social engineering efforts to gather knowledge about their target’s business operations,” the post said. “Such information includes intimate knowledge about employees, team structures, help desks, crisis response workflows, and supply chain relationships.”
Russian Cyber Threat

The breach comes shortly after a warning by President Joe Biden that the unprovoked invasion of Ukraine, and the resulting sanctions on aggressor Russia, may lead to a rash of cybersecurity breaches unleashed by the Kremlin and other quasi-official sources in Russia.
Cyber criminals are targeting the energy infrastructure in the U.S., including pipelines, refineries and power grids, to attack their operations and supply chain systems, experts said.
Hackers have targeted oil and gas producers in the past, such as the attack on the Colonial Pipeline, the largest U.S. fuel pipeline, which resulted in shortages along the East Coast in April 2021.
The cost of a data breach was $4.24 million, according to a report by IBM (IBM) and the Ponemon Institute, up 10% from 2019 and the highest in the report’s 17-year history.
Lost business represented 38% of the overall average, the report said, and this included increased customer turnover, lost revenue due to system downtime and the increasing cost of acquiring new business due to diminished reputation.
Business email compromise was responsible for only 4% of breaches, but had the highest average total cost at $5.01 million.
The second costliest breach was phishing at $4.65 million, followed by malicious insiders at $4.61 million, social engineering at $4.47 million and compromised credentials at $4.37 million.