September 20, 2022

A Lapsus$-linked hacker could be behind cyberattacks on Uber and Rockstar Games

The same cybercriminal may have struck at the ride-hailing giant and the games studio behind the Grand Theft Auto series.

By Matthew Gooding

Uber believes a hacker linked to the notorious Lapsus$ gang was behind a major breach of its systems last week. The company revealed the offender gained access to its system by stealing a contractor’s credentials, and said the same offender may be behind a breach of systems at Rockstar Games, which saw details of its upcoming title Grand Theft Auto VI leaked online.

Grand Theft Auto maker Rockstar Games has confirmed a breach of its systems. (Photo by rafapress/Shutterstock)

Last week’s Uber hack saw an attacker gain access to a wide range of the company’s systems, before taunting staff on the company’s internal Slack channels. In a security update released yesterday, the ride-hailing giant revealed details of the breach and the steps it has taken to mitigate damage.

How the Uber cyberattack happened

It is thought a contractor working for Uber had their credentials stolen and used by the hacker. “It is likely that the attacker purchased the contractor’s Uber corporate password on the dark web after the contractor’s personal device had been infected with malware, exposing those credentials,” Uber said. “The attacker then repeatedly tried to log in to the contractor’s Uber account. Each time, the contractor received a two-factor login approval request, which initially blocked access. Eventually, however, the contractor accepted one, and the attacker successfully logged in.”
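The repeated-prompt pattern Uber describes can be flagged in authentication logs. The sketch below is an added example, not code from Uber or from this article; the event fields, outcome labels, account names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (assumed format): ISO time, account, push outcome.
SAMPLE_EVENTS = [
    ("2022-01-01T18:01:00", "contractor1", "denied"),
    ("2022-01-01T18:02:10", "contractor1", "timeout"),
    ("2022-01-01T18:03:30", "contractor1", "denied"),
    ("2022-01-01T18:04:45", "contractor1", "timeout"),
    ("2022-01-01T18:06:00", "contractor1", "approved"),
    ("2022-01-01T09:00:00", "employee2", "approved"),
    ("2022-01-01T13:00:00", "employee3", "timeout"),
    ("2022-01-01T13:00:40", "employee3", "approved"),
]


def find_push_fatigue(events, window=timedelta(minutes=10), min_unapproved=3):
    """Return (account, approval_time, unapproved_count) for every approval
    preceded by at least min_unapproved denied or timed-out push prompts
    for the same account inside the sliding window."""
    recent = defaultdict(deque)  # account -> times of recent unapproved prompts
    alerts = []
    for ts, account, outcome in sorted(events):  # ISO strings sort by time
        when = datetime.fromisoformat(ts)
        pending = recent[account]
        # Drop prompts that have aged out of the window.
        while pending and when - pending[0] > window:
            pending.popleft()
        if outcome == "approved":
            if len(pending) >= min_unapproved:
                alerts.append((account, ts, len(pending)))
            pending.clear()  # an approval ends the current burst
        else:
            pending.append(when)
    return alerts


if __name__ == "__main__":
    for account, ts, count in find_push_fatigue(SAMPLE_EVENTS):
        print(f"{ts} {account}: approval after {count} unapproved prompts")
```

An approval that follows a burst of refused or ignored prompts is the signal worth reviewing before the session is trusted; a single timeout followed by an approval, as for the third sample account, does not trigger it.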

This enabled the criminal to access several other employee accounts which “ultimately gave the attacker elevated permissions to a number of tools”. These included G-Suite and Slack.

Uber says its investigation has not yet turned up any evidence that the attacker was able to access databases containing customer data, and that it does not think the hacker made any changes to its codebase. However, they may have downloaded information from an internal system used by the company’s finance team to process invoices.

Meanwhile, the offender also gained control of the company’s HackerOne security console, where bugs and vulnerabilities are logged. Uber says any problems exposed in the breach have been remediated.

Who was behind the Uber cyberattack?

An investigation into the incident is ongoing, and Uber said “we believe that this attacker (or attackers) are affiliated with a hacking group called Lapsus$”.

As reported by Tech Monitor, Lapsus$ went on a high-profile hacking spree earlier this year, targeting the likes of Microsoft, Samsung and digital identity provider Okta. Reports at the time suggested the group’s mastermind was a 16-year-old boy, and in March, UK police arrested seven teenagers purported to have links to the gang.


The group has also been linked to a hack on software developer Rockstar Games this weekend, which saw videos of the development of hotly anticipated game Grand Theft Auto VI, as well as source code purporting to be from GTA V, leaked online.

“We recently suffered a network intrusion in which an unauthorised third party illegally accessed and downloaded confidential information from our systems, including early development footage for the next Grand Theft Auto,” Rockstar said in a statement. “At this time, we do not anticipate any disruption to our live game services nor any long-term effect on the development of our ongoing projects.”

Uber’s security update noted: “We are in close coordination with the FBI and US Department of Justice on this matter and will continue to support their efforts.”
