Uber pins recent hack on Lapsus$ cybercrime gang

20 Sep 2022

The Lapsus$ gang rose to prominence earlier this year after claiming responsibility for a series of high-profile data breaches.

Uber claims a hacker linked to the Lapsus$ cybercriminal group was responsible for its recent “cybersecurity incident”.

The ride-hailing company was forced to shut down many of its internal tools, communications and engineering systems in response to the incident last week.

In a security update yesterday (19 September), Uber said it believes the attacker is affiliated with the Lapsus$ group, which has been linked to a series of high-profile hacks this year.

The cybercrime gang took responsibility for the Nvidia cyberattack in February. A week later, it claimed to leak almost 190GB of data from Samsung. In March, Okta and Microsoft both confirmed claims of data breaches by Lapsus$.

Uber said it is “in close coordination” with the FBI and the US Department of Justice on this matter “and will continue to support their efforts”.

It added that the hack occurred when one of its contractor accounts was compromised by the attacker.

The company said it is “likely” that the contractor’s corporate password was purchased on the dark web, after their personal device had been infected with malware.

After this, the hacker repeatedly tried to access the contractor’s account, leading to multiple two-factor authentication requests that the contractor eventually accepted.

“From there, the attacker accessed several other employee accounts, which ultimately gave the attacker elevated permissions to a number of tools, including G-Suite and Slack,” Uber said.

Last week, reporters from The New York Times said they spoke to the hacker, who claimed to have gotten the password of an Uber employee through a phishing attack.

Uber cited reports that the same actor is also behind the recent breach of Rockstar Games. The Rockstar hacker claimed responsibility for the Uber hack, but the link has not been confirmed.

Uber said the hacker didn’t appear to access any databases that store sensitive user information such as credit card numbers or bank details.

“We’re working with several leading digital forensics firms as part of the investigation,” Uber added. “We will also take this opportunity to continue to strengthen our policies, practices and technology to further protect Uber against future attacks.”

Leigh Mc Gowran is a journalist with Silicon Republic