Lapsus$ chaos, a “Metador” hacking campaign and ransomware in L.A.

Jonas Smith/Flickr

Welcome to Changelog for 9/25/22, published by Synack! Blake here, thrilled to start channeling Mr. Autumn Man. Plenty of pumpkin spice, sweater-weather walks and scary movies are finally in the forecast. Plus, everyone’s favorite time of year, Cybersecurity Awareness Month, is right around the corner. Until then, here’s what you may have missed:


The payload

The City of London Police set off a flurry of speculation Friday when it announced the arrest of a 17-year-old hacker west of the city.

The timing turned heads in the cybersecurity community: Days before, someone had hacked video game maker Rockstar Games and leaked troves of material from the next installment of the hugely profitable Grand Theft Auto franchise.

And that’s not the only coincidence. Last Monday, Uber had said it believed the Lapsus$ cybercriminal group — known for rallying teenage hackers to breach targets in Big Tech — was responsible for a noisy intrusion of its own corporate networks this month. (For more on fallout from the Uber hack, check out Nate Mott’s latest README contribution.)

Add to that the fact London police arrested several alleged members of Lapsus$ in March (releasing a 16-year-old and 17-year-old on bail), and the takeaway was clear: Lapsus$ is back.

Yesterday, Detective Michael O’Sullivan from the City of London Police’s Cyber Crime Unit said the teenager arrested Thursday “has been charged with two counts of breach of bail conditions and two counts of computer misuse.”

The teenager’s name is not being released because he is a minor, and his ties, if any, to the Uber and Rockstar Games hacks are still murky. But if previous breaches of Nvidia, Okta, Microsoft, Cisco, T-Mobile and Samsung are any indication, it’s clear that chaotic hacking crews like Lapsus$ can still wreak havoc in high-profile companies.

It’s not a good sign for cybersecurity when teenagers, perhaps driven by a desire for bragging rights and money, routinely pull off hack-and-leak operations disruptive enough to make nation-state hackers blush.

The week, compiled

Here’s what caught my eye last week:

Zero Day: Researchers with SentinelLabs shared details of a long-running “Metador” hacking campaign that has been surreptitiously targeting telecoms and internet service providers in parts of Africa and the Middle East. The technical complexity of the operation suggests it could be the work of a contractor for a nation-state, SentinelLabs said.

Motherboard: Parts of the U.S. military have purchased a powerful data monitoring tool that reportedly sweeps up information from 100 billion records daily. Florida-based company Team Cymru’s “Augury” platform could grant U.S. officials access to sensitive data that would normally require a warrant, Motherboard reported.

CNN: Oops! Morgan Stanley is accused of failing to scrub sensitive client data from devices that were later resold online. The financial services giant agreed to a $35 million settlement with the Securities and Exchange Commission stemming from its “extensive failures” to protect personal identifying information over a five-year period starting in 2015.

A message from Synack

Cybersecurity professionals face a raft of challenges when it comes to staffing up to meet ever-evolving digital threats. Hear how the U.S. Department of Health and Human Services navigates cybersecurity hiring hurdles in a webinar featuring Matthew Shallbetter, Director for Security Design and Innovation at HHS, and Synack’s own Scott Ormiston, who speak to tactics and solutions for augmenting public sector security teams and best practices for setting up continuous penetration testing. Learn more and view the webinar on demand here.

Flash memory

For a different kind of bug bounty: Zach Dorfman of Project Brazen combed through old KGB documents for a revealing look at U.S. counterespionage in the 1980s. Soviet diplomatic facilities were brimming with U.S. bugs, according to the declassified intelligence files.

Listening devices could be anywhere, Dorfman wrote: “Encased in plaster in an apartment closet; behind electrical and television outlets; bored into concrete bricks and threaded into window frames; inside wooden beams and baseboards and stashed within a building’s foundation itself; surreptitiously attached to security cameras; wired into ceiling panels and walls; and secretly implanted into the backseat of cars and in their window panels, instrument panels, and dashboards.”

The snapshots Dorfman shares offer a rare window into a golden era of espionage. They may also make you want to check under your desk.

Local files

L.A. Times: A cyberattack on the Los Angeles Unified School District has now been paired with a ransom demand, officials confirmed last week. School district authorities said they are in contact with the FBI and other cybersecurity experts as negotiations with the hackers continue. It’s unclear what information may be held hostage, but officials said they’re optimistic that social security numbers and other sensitive employee data are secure.

The Los Angeles skyline. melfoody/Flickr

The Wall Street Journal: Russian hacktivists and cybercriminals are working hand-in-hand with intelligence agencies as Moscow escalates its war in Ukraine, according to new research by Google’s Mandiant cybersecurity subsidiary. “We have never previously observed such a volume of cyberattacks, variety of threat actors, and coordination of effort within the same several months,” Mandiant said in a new report on pro-Russian hacking activity in early 2022.

Off-script

Seven-year-old “Corn Kid” Tariq took the internet by storm last month with his utterly endearing ode to the starchy vegetable.

“Ever since I was told that corn was real, it tasted good,” he said in a now-viral video.

Sage words from the second-grader, who’s since been proclaimed South Dakota’s Corn-bassador and has even graced the pages of The New York Times. I was relieved to read that Tariq’s family “actually appears to have done the impossible: maintaining a semblance of normalcy, safety and fun for Tariq while he runs out his fame clock,” the Times’ Madison Malone Kircher wrote last week.

But he still can’t go back to Prospect Park, where the viral video interview went down — he’s facing too many questions about corn.

Tariq, the viral sensation and “CEO of Corn.” Via YouTube

That’s it for this week—see you next Sunday! Don’t forget to send tips and feedback to bsobczak@synack.com. Hope you have a corntastic day!