Lapsus$ uses a variety of techniques to gain access to its victims’ information, including name, phone number, and customer proprietary network information.
It then performs fraudulent SIM swaps with the telco’s customer management tools and takes over their online accounts through sign-in and account recovery workflows that sent one-time links or MFA passcodes via SMS or voice calls.
The companies infiltrated by LAPSUS$ comprised BT, EE, Globant, LG, Microsoft, NVIDIA, Okta, Samsung, Ubisoft, and Vodafone.
According to the DHS Cyber Safety Review Board, Lapsus$.
It characterized Lapsues as unique for its effectiveness, speed, creativity, and boldness, and for weaponizing a playbook of effective techniques.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply