Lapsus$, a hacking group based in South America, has struck tech giants including Apple and Facebook (Meta), among other organisations. The hackers gained access to Law Enforcement Agencies of various countries and sent spoofed requests from the hacked email domains that belong to these Agencies. The group faked the Law Enforcement Agencies’ Emergency Data Request [EDR] processes to obtain the information. Reports suggest that the group compromised Law Enforcement accounts and requested sensitive User information such as Address, Phone Number, IP Address and other information from Apple and Facebook (Meta).
Globant, an international software development organisation, has confirmed a data breach in which 70 GB of source code was stolen from them.
Screenshots shared by Lapsus$ show that the Source Code belonged to several multinational organisations, including Facebook (Meta) and Apple. The screenshots indicate that the Apple Health App was targeted. The group has released this stolen data by uploading it to Torrents and sharing the link through Telegram, announcing that “We are officially back from a vacation”.
London Police arrested a 16-year-old teenager, an Oxford student living with his parents, on March 24th of 2022. Reports from the United Kingdom reveal that 7 individuals aged between 16 and 21, who are alleged to be associated with the group Lapsus$, were arrested. Among them was the Oxford teenager, who is suspected to be the leader of the hacking group.
Attacks such as these show how even the largest conglomerates such as Apple and Facebook (Meta) are not immune to cyber attacks. The social engineering attack (phishing attack) carried out by Lapsus$ led to these tech giants releasing the requested data. This shows the necessity for organisations to implement good cyber security practices by conducting regular education programs which are commonly known as “InfoSec Awareness”, “Security Training” or “InfoSec Education”. Organisations should conduct regular Security Audits regardless of their size or location, to help them remain compliant with the Law and close any security gaps that may have been discovered during the process. Auditor, one of Neumetric’s cyber security products, is designed exclusively to conduct Security Audits and help organisations achieve Security Compliances and remain compliant with the various laws and regulations that apply to that organisation.