UK police arrest 7 hacking suspects – have they bust the LAPSUS$ gang?


You’ve almost certainly heard of the LAPSUS$ hacking crew.

That’s lapsus, which is as good a Latin word as any for “data breach”, followed by a dollar sign, like a text variable in BASIC.

Microsoft refers to this cybergang by the more pedestrian moniker of “the DEV-0537 actor”, and noted, in a blog post earlier this week, that the group has been involved in:

[A] large-scale social engineering and extortion campaign against multiple organizations, with some seeing evidence of destructive elements.

According to Microsoft, the scale of the LAPSUS$ infiltrations has been huge:

Early observed attacks by DEV-0537 targeted cryptocurrency accounts resulting in compromise and theft of wallets and funds. As they expanded their attacks, the actors began targeting telecommunications, higher education, and government organizations in South America. More recent campaigns have expanded to include organizations globally spanning a variety of sectors. Based on observed activity, this group understands the interconnected nature of identities and trust relationships in modern technology ecosystems and targets telecommunications, technology, IT services and support companies – to leverage their access from one organization to access the partner or supplier organizations. They have also been observed targeting government entities, manufacturing, higher education, energy, retailers, and healthcare.