Lapsus$ Hacking Group Will Be Focus of DHS Cyber Review Board

Article

The Department of Homeland Security’s Cyber Safety Review Board said it will study the Lapsus$ hacking group, which has been accused of carrying out breaches at major US companies this year.

The board, comprised of senior government cyber officials and industry representatives, aims to review and compile reports on significant cybersecurity issues. In its first review the board examined a flaw in the Log4j open-source software library.

Lapsus$ has been blamed for hacks affecting Microsoft Corp., Nvidia Corp., Okta Inc. and other major technology companies. Security researchers have told Bloomberg News that the alleged mastermind of the group was a teenager living at his mother’s home in England, who was later arrested by police in the UK earlier this year.

Teen Suspected by Cyber Researchers of Being Lapsus$ Mastermind

The Lapsus$ crew has differentiated itself from other hackers by its tactics, desire for notoriety and success at breaching major companies. Members of Lapsus$ have employed social engineering techniques such as targeting companies that operate call centers for brand name firms, then publicizing their successes on a Telegram channel.

Alleged Lapsus$ hackers have also targeted Brazilian health-care systems and police departments, according to Brazilian authorities and multiple cybersecurity experts who investigated the group. The Brazilian Federal Police announced that officials had arrested an alleged Lapsus$ member in October.

“Lapsus$ actors have perpetrated damaging intrusions against multiple critical infrastructure sectors, including healthcare, government facilities and critical manufacturing,” said Cybersecurity and Infrastructure Security Agency Director Jen Easterly in a statement. “The range of victims and diversity of tactics used demand that we understand how Lapsus$ actors executed their malicious cyber activities so we can mitigate risk to potential future victims.”