Kevin Beaumont
@GossiTheDog@cyberplace.social

The NCA might want to urgently pick up the LAPSUS guys again.


Rairii :win3_progman: :win3:
@Rairii@labyrinth.zone

@GossiTheDog@cyberplace.social did they drop any hints that they still have the rest of nvidia's src tree lol

Kevin Beaumont
@GossiTheDog@cyberplace.social

That one was Rockstar Games internal build environment, 100%, from a few years ago. They’re also posting screenshots for Victoria’s Secret etc.

Kevin Beaumont
@GossiTheDog@cyberplace.social

What a time to be alive

Tl;dr of the Scattered Spider LAPSUS$ chat aka fuckmandiantunit221bcr0wdshart is:

- they’ve owned a lot of big companies by phoning them up and asking for access - this includes orgs who haven’t disclosed their incidents

- they also appear to have an Oracle WebLogic exploit (unclear if zero day) and a SAP Netweaver exploit and used that to get inside orgs

- They appear to also be (or owned) ShinyHunters ransomware, as they include internal ShinyHunter emails and IMs.

grey
@grey@infosec.exchange

@GossiTheDog@cyberplace.social The hacker known as 4chan just flew over my house!

Mike Siegel
@mikesiegel@infosec.exchange

@GossiTheDog@cyberplace.social

Kevin Beaumont
@GossiTheDog@cyberplace.social

It has strong rings of former LAPSUS$ activity due to a range of things, including many of the same victim orgs, screenshots from historic incidents 2021-2022 which weren’t public, targeting Portuguese speaking orgs again, staying up to 4am, the lingo, UK links etc.

They also appear to be targeting the UK justice system network, goading the NCA and going after more retailers.

grey
@grey@infosec.exchange

@GossiTheDog@cyberplace.social Teen skids are doing a great job leading the industry around on a leash. It kills me to see our industry tracking scattered spider like it's a cohesive intrusion set and not hundreds of teens on different discords, telegrams, signal gc, and tox groups sharing photos and screenshots to brag to their underage Roblox girlfriends.

Kevin Beaumont
@GossiTheDog@cyberplace.social

The LAPSUS$ weekend bender has been concluded, Telegram channel has been deleted.

Sentry23
@Sentry23@infosec.exchange

@GossiTheDog@cyberplace.social aaaw :(