Lapsus$ – Analysis of a cyber attack

How to find cyber attackers hiding behind employees' credentials using behavioral analytics. Check out our contribution on the Lapsus$ cyber attack.

In a blog post dated March 22, 2022, published hours after Lapsus$ (one of the most prolific hacking groups in the world) posted a file containing partial source code for Bing, Bing Maps, and Cortana, Microsoft revealed that an employee's account was compromised by the hacker group, giving attackers access to Microsoft systems and allowing source code theft.

Microsoft admitted a five-day window between January 16 and 21, 2022, when an attacker had access to a support engineer's laptop. Do you know how many behavioral anomalies an external attacker, disguised as an employee and working from that employee's laptop, can unleash in just a few hours?

Many.

Lapsus$ is known for using a pure extortion and destruction model (without deploying ransomware payloads). Their tactics include phone-based social engineering; SIM-swapping to facilitate account takeover; accessing personal email accounts of employees at target organizations; paying employees, suppliers, or business partners of target organizations for access to credentials and Multi-Factor Authentication (MFA) approval; and intruding on the ongoing crisis-communication calls of their targets.

"The social engineering and identity-centric tactics leveraged by Lapsus$ require detection and response processes that are similar to insider risk programs - but also involve short response timeframes needed to deal with malicious external threats"

March 22, 2022 - Microsoft Threat Intelligence Center (MSTIC)

For more detailed information, please download the full document.
