Uber Attributes Intrusion to Lapsus$ Group, Reveals Extra Particulars About Hacker Assault


As investigations progress, extra details about the hacker intrusion into the corporate’s inside methods Uber are revealed. Final Monday (19), the ride-sharing companies firm gave extra particulars about how the assault came about and indicated the principle suspect: the cybercriminal group. lapse $.

Uber attributes assault to the identical hacker from GTA VI

In an replace publish About what occurred, Uber defined how the assault came about: in brief, an organization contractor had his credentials uncovered after his system was contaminated by malware. Subsequently, the company entry password is believed to have been bought on the darkish net.

It isn’t recognized whether it is a number of attackers, however the suspicion is that the client (and actor of the invasion) is affiliated with the Lapsus$ hacker group. That is as a result of the group used comparable strategies to invade methods from Microsoft, Cisco, Samsung, Nvidia, Okta, amongst different firms.

There are even experiences that the cybercriminal is similar one who leaked particulars of GTA VI final weekend.

With the credential in hand, the attacker repeatedly tried to entry Uber’s inside methods till he succeeded. Since then, different worker accounts have been breached and given the cybercriminal elevated permissions to a number of instruments — together with G-Suite and Slack.

Picture: Replica

Of the evils, the least

It might be troublesome to see something constructive in a hacker invasion. However the excellent news — or much less worse information — is that Uber’s investigations discovered that customers’ confidential data, bank card numbers, checking account data and journey historical past weren’t accessed by third events.

Buyer information saved on cloud suppliers reportedly emerged unscathed from the hack. The corporate’s codebase was additionally reviewed and no adjustments made by the attacker have been discovered.

Lastly, Uber reveals that the hacker might have accessed a doc with bugs and vulnerabilities from the corporate, however claims that every one safety flaws have already been fastened.

The corporate additionally reinforces that it’s going to proceed to collaborate carefully with the FBI, US Division of Justice and leaders in digital forensics for deeper investigations into what occurred.

Leave a Comment

Your email address will not be published.

This div height required for enabling the sticky sidebar
Share via
Copy link
Powered by Social Snap