The US Department of Homeland Security (DHS) Cyber Safety Review Board has launched an investigation into the Lapsus$ hacking gang which terrorised businesses in a high-profile crime spree earlier this year.
DHS announced on Friday that the gang would come under the microscope of the board, which was set up to evaluate major cybersecurity incidents and make recommendations about how future problems can be avoided. It had previously run an investigation into the Log4J javascript vulnerability, which led to a series of cyberattacks when it was discovered last year.
Lapsus$ carried out a series of data extortion raids earlier this year, with Microsoft and Nvidia among its victims.
Why the DHS cyber review board is investigating Lapsus$
The investigation will look at how Lapsus$ apparently breached some of the world’s biggest companies, the DHS said.
The review will look at how Lapsus$ “allegedly impacted some of the biggest companies in the world, in some cases with relatively unsophisticated techniques, and determine how we all can build resilience against innovative social engineering tactics and address the role of international partnerships in combating criminal cyber actors,” homeland security secretary Alejandro Mayorkas told reporters.
Mayorkas added that the extent of the gang’s activities meant it was significant enough to warrant a full review from the board. The 15-person group was established by a White House executive order last year, and comprises cyber experts from the public and private sectors.
Is Lapsus$ still active?
Though Lapsus$ was first spotted in December 2021, the group shot to prominence in February with a string of attacks on Big Tech companies, with Microsoft, Nvidia and Samsung among reported victims. Microsoft confirmed it had been breached by the group in a lengthy blog post detailing the gang’s tactics, but said no customer data had been accessed.
The gang's crude tactics, often utilising stolen data already available on the dark web, and lack of obvious ransom demands, led many analysts to question their motivations, comparing their high-profile attacks to those of hacktivist groups such as Anonymous and LulzSec, which used their activities to gain prominence or further political beliefs.
On 24 March, City of London Police said they had arrested seven teenagers in connection with Lapsus$ activities. At the same time, Bloomberg reported the gang's mastermind was a 16-year-old boy living in the UK.
Since then a Lapsus$-linked hacker has been accused of carrying out a breach of Uber which took place in September, and may have also been to blame for a major leak of material from the much-anticipated Grand Theft Auto VI video game.
Rob Silvers, DHS undersecretary for strategy, policy and plans and chair of the CSRB, declined to comment on whether the gang was still active when questioned by reporters.