Pierluigi Paganini
December 04, 2022
The Department of Homeland Security (DHS) Cyber Safety Review Board announced that it will review cyberattacks linked to the extortion gang Lapsus$, the gang breached multiple high-profile companies in recent years.
“Today, the U.S. Department of Homeland Security (DHS) announced that the Cyber Safety Review Board (CSRB) will review the recent attacks associated with Lapsus$, a global extortion-focused hacker group. Lapsus$ has reportedly employed techniques to bypass a range of commonly-used security controls and has successfully infiltrated a number of companies across industries and geographic areas.” reads the CSRB announcement.
The review aims at developing a set of actionable recommendations for how organizations can improve their resilience to these types of attacks. The final report will be transmitted to President Biden through Secretary of Homeland Security Alejandro N. Mayorkas and CISA Director Jen Easterly.
The Lapsus$ group is behind a long string of attacks against high-profile organizations, including NVIDIA, Samsung, Ubisoft, Mercado Libre, Vodafone, Microsoft, Okta, and Globant.
“The Cyber Safety Review Board has quickly established itself as an innovative and enduring institution in the cybersecurity ecosystem,” said Secretary Alejandro N. Mayorkas. “With its review into Lapsus$, the Board will build on the lessons learned from its first review and share actionable recommendations to help the private and public sectors strengthen their cyber resilience.”
As directed by President Biden through Executive Order 14028 Improving the Nation’s Cybersecurity, Secretary Mayorkas established t
The CSRB was established on February 2022 under the direct order of President Biden through Executive Order 14028 with the intent of improving the Nation’s Cybersecurity.
The group of experts is tasked with reviewing and assessing significant cybersecurity events to allow public and private organizations to better protect US networks and infrastructure.
“The CSRB is composed of highly esteemed cybersecurity leaders from the federal government and the private sector. The CSRB does not have regulatory powers and is not an enforcement authority. Instead, its purpose is to identify and share lessons learned to enable advances in national cybersecurity. Robert Silvers, DHS Under Secretary for Policy, serves as Chair and Heather Adkins, Google’s Vice President for Security Engineering, serves as Deputy Chair.” continues the announcement.
Some alleged Lapsus$ members have already been arrested by international authorities in the last months.
In October, the Federal Police of Brazil announced the arrest of an individual suspected of being linked to the LAPSUS$ extortionist gang. The authorities did not disclose info about the individual, it seems that the suspect is a teenager.
The arrest is the result of an international police operation codenamed Operation Dark Cloud that was launched in August 2022.
The Brazilian police, the Polícia Federal, launched its investigation in December 2021 after the website of Brazil’s Ministry of Health suffered a data breach. Threat actors stole 50TB of data and deleted COVID-19 vaccination data of millions of Brazilian citizens.
The Lapsus$ gang claimed responsibility for the attack, the group also hit other federal government websites, including the Ministry of Economy, Comptroller General of the Union, and the Federal Highway Police.
In September, the City of London Police arrested a 17-year-old teenager on suspicion of hacking, however, experts believe the arrest could be linked to the recent security breaches suffered by Uber and Rockstar Games.
Uber revealed that the threat actor behind the intrusion is affiliated with the LAPSUS$ hacking group.
The threat actor behind the Uber hack, which goes online by the moniker Tea Pot (aka teapotuberhacker), also claimed to have Rockstar Games, the gaming firm behind GTA 6.
The arrest is the result of a joint investigation conducted by City of London Police with the U.K. National Crime Agency’s cybercrime unit.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, cybercrime)
[adrotate banner=”5″]
[adrotate banner=”13″]
