December 2, 2022

US Department of Homeland Security to probe Lapsus$ hackers

The notorious data extortion gang disrupted big businesses earlier this year in a high-profile crime spree.

By Matthew Gooding

The US Department of Homeland Security (DHS) Cyber Safety Review Board has launched an investigation into the Lapsus$ hacking gang which terrorised businesses in a high-profile crime spree earlier this year.

The Department of Homeland Security has launched an investigation into Lapsus$. (Photo by Gil C/Shutterstock)

DHS announced on Friday that the gang would come under the microscope of the board, which was set up to evaluate major cybersecurity incidents and make recommendations about how future problems can be avoided. It had previously run an investigation into the Log4j Java vulnerability, which led to a series of cyberattacks when it was discovered last year.

Lapsus$ carried out a series of data extortion raids earlier this year, with Microsoft and Nvidia among its victims.

Why the DHS cyber review board is investigating Lapsus$

The investigation will look at how Lapsus$ apparently breached some of the world’s biggest companies, the DHS said.

The review will look at how Lapsus$ “allegedly impacted some of the biggest companies in the world, in some cases with relatively unsophisticated techniques, and determine how we all can build resilience against innovative social engineering tactics and address the role of international partnerships in combating criminal cyber actors,” Homeland security secretary Alejandro Mayorkas told reporters.

Mayorkas added that the extent of the gang’s activities meant it was significant enough to warrant a full review from the board. The 15-person group was established by a White House executive order last year, and comprises cyber experts from the public and private sectors.

Is Lapsus$ still active?

Though Lapsus$ was first spotted in December 2021, the group shot to prominence in February with a string of attacks on Big Tech companies, with Microsoft, Nvidia and Samsung among reported victims. Microsoft confirmed it had been breached by the group in a lengthy blog post detailing the gang’s tactics, but said no customer data had been accessed.


The gang's crude tactics, often utilising stolen data already available on the dark web, and lack of obvious ransom demands, led many analysts to question their motivations, comparing their high-profile attacks to those of hacktivist groups such as Anonymous and LulzSec, which used their activities to gain prominence or further political beliefs.

On 24 March, City of London Police said they had arrested seven teenagers in connection with Lapsus$ activities. At the same time, Bloomberg reported the gang's mastermind was a 16-year-old boy living in the UK.

Since then a Lapsus$-linked hacker has been accused of carrying out a breach of Uber which took place in September, and may have also been to blame for a major leak of material from the much-anticipated Grand Theft Auto VI video game.

Rob Silvers, DHS undersecretary for strategy, policy and plans and chair of the CSRB, declined to comment on whether the gang was still active when questioned by reporters.

