- Source: Lapsus$
- Source: Lapsus
Lapsus$, stylised as LAPSUS$ and classified by Microsoft as Strawberry Tempest, is an international extortion-focused hacker group known for its various cyberattacks against companies and government agencies. The group was active in several countries, and members were arrested in Brazil and the UK in 2022. According to the City of London Police, at least two of the members were teenagers.
Lapsus$ uses a variety of attack vectors, including social engineering, MFA fatigue, SIM swapping, and targeting suppliers. Once the group has gained the credentials of a privileged employee within the target organisation, it attempts to obtain sensitive data through a variety of means, including remote desktop tools. Attempts at extortion follow. Initially, the group used the messaging app Telegram for communications to the public, including recruitment and posting sensitive data from its victims.
The first major cyberattack attributed to Lapsus$ was against the Brazilian Health Ministry's computer systems in December 2021. Lapsus$ gained notoriety for a series of cyberattacks against large tech companies, including Microsoft, Nvidia, and Samsung. Following these attacks, the City of London Police announced that it had made seven arrests in connection to a police investigation into Lapsus$. Although the group had been considered inactive by April 2022, the group is believed to have re-emerged in September 2022 with a series of data breaches against various large companies through a similar attack vector, including Uber and Rockstar Games, with subsequent arrests again by City of London Police, and Brazilian police. The group appears to have become inactive after September 2022, with members perhaps dispersing to other groups, and the conviction of two British members. One of the group's founding members, Arion Kurtaj, was given an order to indefinitely remain in a secure psychiatric facility.
Attacks
Brazil's Ministry of Health (2021)
The first known cyberattack committed by Lapsus$ was against Brazil's Ministry of Health. The Ministry of Health website was taken down on Friday, 10 December around 1 AM. Lapsus$ left a message, "Contact us if you want your data back", along with their Telegram and e-mail addresses on the homepage of the website of the ministry after exfiltrating and deleting 50 TB of data on internal servers. By Friday afternoon the message had been removed, but the website and user data in the "ConecteSUS" app, which provides Brazilians with COVID vaccination certificates, remained unavailable, causing disruption for travelers.
Okta (2022)
On 21 January 2022, Lapsus$ gained access to the servers of identity and access management company Okta through the compromised account of a third-party customer support engineer. Okta confirmed the breach on 25 January 2022. Based on the final forensic report, Okta's Chief Security Officer David Bradbury said the attack only impacted two active customers. Okta began investigating claims of a hack after Lapsus$ shared screenshots in a Telegram channel implying they had breached Okta's customer networks. Initially, Okta said that a Lapsus$ hacker obtained Remote Desktop (RDP) access to a Sitel support engineer's laptop over "a five-day window" between January 16 and January 21.
Nvidia (2022)
On 23 February 2022, technology company Nvidia became aware of a breach of its systems. Lapsus$ claimed to have a terabyte of data from Nvidia, and threatened to release the "complete silicon, graphics, and computer chipset files for all recent NVIDIA GPUs, including the RTX 3090Ti and upcoming revisions" if Nvidia did not open-source its device drivers. On 3 March 2022, the credentials of more than 71,000 Nvidia employees emerged online.
Samsung (2022)
On 4 March 2022, Lapsus$ posted a 190 GB torrent of internal data belonging to phone manufacturer Samsung, including the source code of its Samsung Galaxy line of phones. Samsung confirmed the breach three days later.
Mercado Libre (2022)
On 8 March 2022, Argentinian e-commerce company Mercado Libre confirmed that user data for 300,000 customers had been accessed by Lapsus$; the group also claimed to have access to 24,000 repositories belonging to Mercado Libre.
Ubisoft (2022)
On 10 March 2022, gaming company Ubisoft confirmed that it had experienced a "cyber security incident", although user data had not been accessed.
T-Mobile (2022)
On 17 March 2022, Lapsus$ gained access to an employee account within the telecommunications company T-Mobile. A prominent member of Lapsus$ going by the pseudonym "White" unsuccessfully attempted to gain access to the T-Mobile accounts of the Federal Bureau of Investigation and the United States Department of Defense. Lapsus$ was, however, able to obtain the source code repositories belonging to T-Mobile.
Microsoft (2022)
On 20 March 2022, Lapsus$ posted a screenshot of the technology company Microsoft's Azure DevOps server to their Telegram channel. The following day, the group released a 37 GB zip file containing, among other things, "90% of the source code for the Bing search engine".
Globant (2022)
On 30 March 2022, Luxembourg-based IT company Globant confirmed its network had been breached by Lapsus$.
Uber (2022)
On 15 September 2022, Uber announced that it had been breached by Lapsus$.
Rockstar Games (2022)
On 18 September 2022, 90 videos of game footage relating to Grand Theft Auto VI emerged on GTAForums. The hacker is thought to have been affiliated with Lapsus$. On 25 December 2023, additional content obtained from the breach a year prior was reported to have been leaked, including game files for the planned follow-up to Bully, Python code for Grand Theft Auto VI, and the full source code of Grand Theft Auto V, which included hints about planned DLC content for the game.
Interactions
The group used the messaging app Telegram, and the Lapsus$ Telegram channel was used to announce data dumps and to recruit accomplices. As of March 2022, it had nearly 50,000 subscribers. The group posted polls asking which organisation it should target next.
The FBI made an appeal for information on 21 March 2022.
Composition
According to the indictment, the group's mastermind was Arion Kurtaj, a 16-year-old residing in Oxford, England, with another core member being a teenager in Brazil. A Bloomberg report stated that the group has seven members and was likely formed recently.
Arrests and convictions
On 24 March 2022, seven people aged between 16 and 21 were arrested by the City of London Police in connection to a police investigation into Lapsus$. Arion Kurtaj, a prominent member of the group with the pseudonym White, was arrested in Oxford, England. His identity had allegedly previously been disclosed by a former associate, and various groups including research group Unit 221B were reported to have identified him. The prominent member was charged alongside a 17-year-old on 1 April 2022. He was assessed by psychiatrists as unfit to stand trial, but a 7-week court case proceeded until August 2023, and resulted in both the 17-year-old and the prominent member being convicted. Kurtaj received an order to indefinitely remain in a secure psychiatric facility.
On October 19, 2022, a Brazilian citizen believed to be a Lapsus$ member was arrested by the police in Feira de Santana, Bahia and subsequently accused of the attacks on the Brazil Ministry of Health and other cybercrimes after "Operation Dark Cloud". Lapsus$ also targeted dozens of other organizations and entities from the Brazilian Federal Government, including the Ministry of Economy, the Comptroller General of the Union, and the Federal Highway Police. The data appears permanently deleted.
Analysis
The group's assumed modus operandi was based on obtaining access to a victim organisation's corporate network by acquiring credentials from privileged employees. These credentials were acquired in a number of ways, including recruiting or hacking privileged employees using methods such as SIM swapping. Lapsus$ then used remote desktop or network access to obtain sensitive data, such as customer account details or source code. The group then extorted the victim organisation with threats of disclosing the data. In the conspicuous cases, the data was subsequently released, and information posted on Telegram.
Lapsus$ has used the social engineering tactic known as a multi-factor authentication fatigue attack in its hack of Uber.
The methods used by Lapsus$ were the subject of a review by the US Cyber Safety Review Board in mid-2023.
In philology, a lapsus (Latin for "lapse, slip, error") is an involuntary mistake made while writing or speaking.
Investigations
In 1895 an investigation into verbal slips was undertaken by a philologist and a psychologist, Rudolf Meringer and Karl Mayer, who collected many examples and divided them into separate types.
Psychoanalysis
Freud was to become interested in such mistakes from 1897 onwards, developing an interpretation of slips in terms of their unconscious meaning. Subsequently, followers of his like Ernest Jones developed the theme of lapsus in connection with writing, typing, and misprints.
According to Freud's early psychoanalytic theory, a lapsus represents a bungled act that hides an unconscious desire: “the phenomena can be traced back to incompletely suppressed psychical material...pushed away by consciousness”.
Jacques Lacan would thoroughly endorse the Freudian interpretation of unconscious motivation in the slip, arguing that “in the lapsus it is...clear that every unsuccessful act is a successful, not to say 'well-turned', discourse”.
In the seventies Sebastiano Timpanaro would controversially take up the question again, by offering a mechanistic explanation of all such slips, in opposition to Freud's theories.
Types of lapsus
In literature, a number of different types of lapsus are named depending on context:
- lapsus linguae (pl. same): slip of the tongue
- lapsus calami: slip of the pen
- lapsus manus: slip of the hand; a synonym for lapsus calami
- lapsus clavis: slip of the key (implying a typewriter or computer keyboard)
- lapsus memoriae: slip of memory
Types of slips of the tongue
Slips of the tongue can happen on any level:
- Syntactic — "is" instead of "was".
- Phrasal slips of tongue — "I'll explain this tornado later".
- Lexical/semantic — "moon full" instead of "full moon".
- Morphological level — "workings paper".
- Phonological (sound slips) — "flow snurries" instead of "snow flurries".
Each of these five types of error may take various forms:
- Anticipation: An early item is corrupted by an element belonging to a later one, thus "reading list" — "leading list"
- Perseveration or post-sonance: A later item is corrupted by an element belonging to an earlier one, thus "waking rabbits" — "waking wabbits"
- Deletion: An element is lost, thus "same state" — "same sate"
- Shift or spoonerism: Moving a letter, thus "black foxes" — "back floxes"
- Haplology or fusion: Half one word and half the other, thus "stummy" instead of "stomach or tummy"
- Pun
Motivation
Meringer and Mayer highlighted the role of familiar associations and similarities of words and sounds in producing the lapsus. Freud objected that such factors did not cause but only "favour slips of the tongue...in the immense majority of cases my speech is not disturbed by the circumstance that the words I am using recall others with a similar sound...or that familiar associations branch off from them (emphasis copied from original)".
Timpanaro later reignited the debate, by maintaining that any given slip can always be explained mechanically without a need for deeper motivation.
J. L. Austin had independently seen slips not as revealing a particular complex, but as an ineluctable feature of the human condition, necessitating a continual preparation for excuses and remedial work.
Further reading
Sigmund Freud, The Psychopathology of Everyday Life (1965 [1901])
Jonathan Goldberg, Writing Matter (1990)
Sebastiano Timpanaro, The Freudian Slip (1976) (translation of Il lapsus freudiano: psicanalisi e critica testuale, 1974)
John Austin, 'A Plea for Excuses', in Philosophical Papers (1961)