HHS on April 7 issued a threat brief detailing the tactics used by cybercriminal group Lapsus$, which recently attacked Microsoft, Samsung and identity management service provider Okta.
Six things to know:
- Lapsus$ does not use ransomware, but instead relies on bribery and nonransomware extortion.
- The group uses tactics ranging "from simple to moderately complex," according to the report. Some of its common approaches are credential theft; multifactor authentication bypass; social engineering; managed service provider compromise; SIM swapping; accessing employees' email accounts; bribing employees, suppliers or business partners of target organizations for credentials and multifactor authentication approval; and self-injection into companies' ongoing crisis communication calls.
- Lapsus$ may be composed of teenagers and young adults, according to the report. Its members speak English, Russian, Turkish, German and Portuguese.
- The group usually targets large companies.
- Lapsus$ was discovered in April 2020.