LAPSUS$ Speaks: Inside the Minds of the Notorious Cyber Group

In an exclusive interview with ‘חדשות סייבר - ארז דסה’, the notorious LAPSUS$ hacking collective offers a rare glimpse into their operations and motivations. Dispelling rumors of a partnership with ShinyHunters, LAPSUS$ claims the group has devolved into mere impersonators. They also addressed the TeamPCP supply chain attacks, noting that while the impact could have been far greater, they have since reorganized their internal infrastructure with TeamPCP to mitigate future risks. In this collaboration, which now reportedly also involves Vect, TeamPCP handles the technical execution and grants LAPSUS$ access for exploitation. LAPSUS$ stated, “Several targets have already been attacked, and more victims will be affected later.”

Regarding law enforcement pressure, including FBI investigations and arrests in the UK and Brazil, LAPSUS$ acknowledges that each incident impacts their operations, leading to past periods of inactivity. However, they assert their return, promising future actions will speak for themselves. On their controversial practice of openly recruiting insiders for high payments, the group claims to vet individuals rigorously, trusting only those who can prove their insider status, and dismisses concerns about law enforcement infiltration as a minor risk due to their closed nature.

The group highlighted Multi-Factor Authentication (MFA) bypass and SIM swapping as historically effective entry methods. However, they now lean more heavily on insider recruitment and voice phishing (vishing), leveraging intelligence from supply chain attacks to shift towards more technically driven access rather than solely social engineering. Looking ahead, LAPSUS$ plans to continue its trajectory of visibility, impact, and collaboration, particularly with TeamPCP, aiming to expose and extort companies. They believe only a fundamental shift in organizational mindset, which they deem unlikely, could halt their operations, citing money and enjoyment as their primary drivers.

What This Means For You

  • Organizations must recognize that sophisticated threat actors like LAPSUS$ are evolving their tactics beyond traditional social engineering, increasingly leveraging supply chain compromises and insider threats. Enhance defenses by rigorously vetting third-party software dependencies and strengthening insider threat programs through robust monitoring and access controls.
