
On Monday, Uber revealed further information about last week's security breach, tying it to a threat actor it suspects is linked to the notorious LAPSUS$ hacking crew.

“This group frequently targets technology firms, and in 2022 alone has hacked Microsoft, Cisco, Samsung, NVIDIA, and Okta, among other businesses,” according to the San Francisco-based firm.

In March 2022, the City of London Police arrested seven individuals aged 16 to 21 for their suspected connections to a financially-motivated extortionist gang. Fraud charges have been brought against two of those juvenile defendants.

The hacker who accessed Uber's data, an 18-year-old known as Tea Pot, has also taken credit for attacking video game maker Rockstar Games over the weekend.

As Uber’s investigation continues, the company is working with “several leading digital forensics firms” and coordinating with the U.S. Justice Department and the Federal Bureau of Investigation (FBI).

As for the method of attack, Uber said that an "EXT contractor" had their device infected with malware and their corporate account credentials stolen and sold on the dark web, confirming an earlier Group-IB disclosure.

The Singapore-based firm stated last week that at least two Uber employees, in Brazil and Indonesia, had their devices infected with the information-stealing malware families Raccoon and Vidar, which harvest saved credentials and session data from the infected machine.

Although Uber didn't say how many employee accounts were likely compromised, it did emphasise that no unauthorised code changes were made and that there was no sign the attacker could access the production systems that hold customer information.

The young hacker downloaded several internal Slack messages and information from an in-house finance team's tool used to manage specific invoices. In addition, Uber confirmed that the attacker accessed HackerOne bug reports; however, it noted that "any bug reports the attacker was able to access have been remediated."

Organisations have moved to app-based authenticators to reduce the risk of SIM-swapping attacks against SMS codes, but the hacking of Uber and Cisco demonstrates that protections once thought inviolable are being bypassed by other means.

Threat actors now rely on attack routes such as adversary-in-the-middle (AiTM) proxy toolkits, which relay a login through an attacker-controlled site to capture the session, and MFA fatigue (aka prompt bombing), in which a user is flooded with push notifications until one is approved. Both trick an unsuspecting user into handing over a one-time passcode (OTP) or granting access, which is proof that phishing-resistant authentication (such as FIDO2/WebAuthn security keys bound to the legitimate origin) needs to be used.
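The prompt-bombing pattern described above leaves a recognisable trace in identity-provider logs: a burst of push prompts for one user, mostly denied, followed by an approval. The following is an added example, not code from the article or from Uber, that runs a simple detector over a constructed, simplified log format (timestamp, user, push result); the field layout, the five-minute window and the threshold of four prompts are assumptions to adapt to a real IdP export.

```python
"""Detect MFA push-bombing ("MFA fatigue") in authentication logs.

Added example, not part of the original article. The log format is a
constructed, simplified one: ISO-8601 timestamp, username, push result.
Real identity-provider exports differ, so parse_log() is the part to adapt.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one push prompt per line. Alice is bombed with
# prompts and eventually approves one; Bob shows normal, spread-out activity.
SAMPLE_LOG = """\
2022-09-15T21:01:02Z alice DENY
2022-09-15T21:01:20Z alice DENY
2022-09-15T21:01:41Z alice DENY
2022-09-15T21:02:05Z alice DENY
2022-09-15T21:02:30Z alice DENY
2022-09-15T21:02:55Z alice APPROVE
2022-09-15T21:10:00Z bob APPROVE
2022-09-15T22:00:00Z bob DENY
2022-09-15T22:30:00Z bob APPROVE
"""


def parse_log(text):
    """Parse the constructed log into (timestamp, user, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result))
    return events


def detect_push_bombing(events, window=timedelta(minutes=5), threshold=4):
    """Return findings as tuples (kind, user, timestamp, count).

    'burst': the user reached `threshold` push prompts inside `window`.
    'approve_after_denials': an APPROVE followed at least `threshold` DENYs
    inside `window`, the classic sign the bombed user finally gave in.
    """
    findings = []
    recent = defaultdict(deque)  # user -> prompts (ts, result) inside the window
    for ts, user, result in sorted(events):
        q = recent[user]
        # Slide the window: drop prompts older than `window`.
        while q and ts - q[0][0] > window:
            q.popleft()
        q.append((ts, result))
        # Report the burst once, when the count first hits the threshold.
        if len(q) == threshold:
            findings.append(("burst", user, ts, len(q)))
        if result == "APPROVE":
            denials = sum(1 for _, r in q if r == "DENY")
            if denials >= threshold:
                findings.append(("approve_after_denials", user, ts, denials))
    return findings


if __name__ == "__main__":
    for kind, user, ts, count in detect_push_bombing(parse_log(SAMPLE_LOG)):
        print(f"{ts.isoformat()} {user}: {kind} (count={count})")
```

The second finding is the one worth paging on: a lone burst may be a user mis-tapping, but an approval that follows a run of denials within minutes is the moment an account is likely handed over and the session should be revoked while the user is contacted out of band.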
