How did the worst hacker group 'LAPSUS$' consisting of teenage boys hack NVIDIA and Microsoft?

It has emerged that an 18-year-old boy was the main member of the hacker group 'LAPSUS$', known for hacking into companies such as Microsoft, Uber, and NVIDIA and leaking the data of Rockstar Games' Grand Theft Auto VI (GTA6), and that the group consisted mainly of teenage boys.

As the investigation progresses and the trials are held, it is gradually becoming clear how LAPSUS$ hacked the networks of large companies.

LAPSUS$ teen hackers convicted of high-profile cyberattacks

GTA 6 Leaker Hacked Rockstar With An Amazon Fire Stick In Hotel

The boy who leaked the GTA 6 data is a major member of the hacker group 'LAPSUS$' and is known for having launched cyberattacks on Uber and NVIDIA. He was arrested and charged, and was 17 years old at the time of his arrest.

A 17-year-old hacker who leaked the data of 'Grand Theft Auto VI' is arrested - GIGAZINE

In addition to this arrested boy, another 17-year-old boy was also arrested and convicted as a key member of LAPSUS$ in a separate case. According to the BBC, the boys met online in July 2021 and started working as a hacker group. While receiving support from associates, the boy hacked the servers of mobile phone companies and telecommunications carriers to access data files, and demanded a ransom of $4 million (about 580 million yen) in August 2021. Although this ransom was not paid, the boys used the SIM information stolen from the data files to steal a total of 100,000 pounds (18 million yen) from a virtual currency wallet.

LAPSUS$ also launched a ransomware attack on the Brazilian Ministry of Health in December 2021, and was found to have stolen millions of COVID-19 vaccination records in Brazil. LAPSUS$ also carried out cyberattacks against federal government organizations such as the Ministry of Economy, the Federal Institutional Inspection Service, and the Highway Police, and key members of LAPSUS$ residing in Brazil were later arrested by Brazilian police.

In January 2022, the boy was arrested once but released. However, in February 2022, immediately after the release, the boys illegally accessed NVIDIA's network and stole and leaked confidential data. A police investigation revealed that, in order to gain unauthorized access, the boys hired people to pretend to be employees and instructed them to obtain NVIDIA login information, and that real employees' phones were spammed with a large number of access authorization requests late at night. The boys threatened NVIDIA with the release of the stolen data and demanded a ransom payment.

In March 2022, they also accessed the networks of companies such as Microsoft, Vodafone, and Samsung to steal source code. The technique was 'social engineering', and in the case of Microsoft, methods such as 'deploying a password-stealing tool to acquire passwords and session tokens', 'purchasing authentication information and session tokens from underground crime forums', and 'paying Microsoft employees to gain access to authentication information' are said to have been used.

Shortly before being re-arrested in March 2022, the boy had his personal information exposed on the Internet by a rival hacker. Because contact information and photos of the boy and his family were published on social media, the boy was re-arrested and moved to a hotel for his own safety. In addition, a cybersecurity expert who was tracking LAPSUS$ in cooperation with the police appears to have identified the boy some time before his personal information was exposed.

While the boy was sheltered at the hotel, he was prohibited from accessing the internet. However, when the London Police searched the hotel room, they found an Amazon Fire TV Stick plugged into the hotel TV used by the boy, along with a smartphone, keyboard, and mouse.

The boy used the Amazon Fire TV Stick to break into a cloud computing service from the hotel, working with other members of LAPSUS$ to gain unauthorized access to the networks of Revolut, Uber, Microsoft and Rockstar Games. He also posted on Rockstar Games' internal Slack, "I'm an attacker, not an employee. I downloaded all the GTA6 data." This method, in which the attacker made threats directly in the internal Slack, was reported as "the most daring hack".

The GTA6 data was actually posted on fan forums in the form of movies and screenshots, and Rockstar Games has confirmed that this is real.

Data of 'Grand Theft Auto 6' under development leaked by hacking, development company admits that leaked data is genuine - GIGAZINE

In September 2022, the boy who had been carrying out unauthorized access from the hotel was re-arrested, the London Police arrested seven people believed to be connected to LAPSUS$, and LAPSUS$ stopped its activities. The US Cybersecurity and Infrastructure Security Agency (CISA) warned that cyber defenses need to be improved to counter the threat of teenage hackers, including LAPSUS$ (PDF file).

The prosecution's lead attorney, Kevin Barry, argued that the boys displayed a 'juvenile desire to take credit for their attacks.' Hackers often leave offensive messages on relevant forums, Slack, and similar channels to claim credit for their crimes. The boys regularly publicized their crimes and mocked the victim companies in English and Portuguese on the official LAPSUS$ account on Telegram.

According to the BBC, the boy's father said, "The boy was very good at handling computers and spent a lot of time on the computer. I thought he was always playing games."

in Security, Posted by log1i_yk