HACKINTOSH.ORG | Macintosh discussion forums

Macintosh News => Apple News => Topic started by: HCK on September 20, 2022, 04:05:02 pm



Title: Uber claims hack came from Lapsus$, the group behind Microsoft and T-Mobile attacks
Post by: HCK on September 20, 2022, 04:05:02 pm
Uber claims hack came from Lapsus$, the group behind Microsoft and T-Mobile attacks

<p>Uber believes it has identified the team behind last week's hack (https://www.engadget.com/uber-investigating-cybersecurity-incident-051250020.html), and the name will sound all too familiar. In an update (https://www.uber.com/newsroom/security-update/) on the breach, Uber said the perpetrator was affiliated with Lapsus$, the hacking group that has targeted tech firms like Microsoft (https://www.engadget.com/microsoft-okta-investigating-attack-lapsus-hacking-group-120541942.html), Samsung and T-Mobile (https://www.engadget.com/lapsus-t-mobile-source-code-185950839.html). The same intruder might also have been responsible for the Rockstar hack that leaked Grand Theft Auto VI (https://www.engadget.com/rockstar-confirms-gta-vi-leak-143918535.html), Uber said.</p><p>It's also clearer just how the culprit may have accessed Uber's internal systems. The attacker likely bought the contractor's login details on the dark web (https://www.engadget.com/hydra-dark-web-darknet-marketplace-shut-down-204558506.html) after they'd been exposed through a malware-infected computer. Two-factor authentication initially prevented the hacker from getting in, but the contractor accepted an authentication request — that was enough to help the invader compromise employee accounts and, in turn, abuse company apps like Google Workspace and Slack.</p><span id="end-legacy-contents"></span><p>As before, Uber stressed that the hacker didn't access public-facing systems or user accounts. The codebase also remains untouched. While those responsible did compromise Uber's bug bounty program, any vulnerability reports involved have been &quot;remediated.&quot; Uber contained the hack by limiting compromised accounts, temporarily disabling tools and resetting access to services. There's also extra monitoring for unusual activity.</p><p>The incident update suggests the damage to Uber is relatively limited. However, it also indicates that Lapsus$ is still hacking high-profile targets despite arrests (https://www.engadget.com/uk-police-charge-two-teens-in-connection-with-lapsus-hacking-group-case-113521533.html). It also underscores major tech companies' continued vulnerability to hacks. In this case, one wrong move by a contractor was all it took to disrupt Uber's operations.</p>

Source: Uber claims hack came from Lapsus$, the group behind Microsoft and T-Mobile attacks (https://www.engadget.com/uber-hack-targeted-contractor-lapsus-192339707.html?src=rss)