
Kevin Beaumont
@GossiTheDog@cyberplace.social

What a time to be alive

Tl;dr of the Scattered Spider LAPSUS$ chat aka fuckmandiantunit221bcr0wdshart is:

- they’ve owned a lot of big companies by phoning them up and asking for access - this includes orgs who haven’t disclosed their incidents

- they also appear to have an Oracle WebLogic exploit (unclear if zero day) and a SAP Netweaver exploit and used that to get inside orgs

- They appear to also be (or owned) ShinyHunters ransomware, as they include internal ShinyHunter emails and IMs.


grey
@grey@infosec.exchange

@GossiTheDog@cyberplace.social The hacker known as 4chan just flew over my house!

Mike Siegel
@mikesiegel@infosec.exchange

@GossiTheDog@cyberplace.social

Kevin Beaumont
@GossiTheDog@cyberplace.social

It has strong rings of former LAPSUS$ activity due to a range of things, including many of the same victim orgs, screenshots from historic incidents 2021-2022 which weren’t public, targeting Portuguese speaking orgs again, staying up to 4am, the lingo, UK links etc.

They also appear to be targeting UK justice system network, goading the NCA and going after more retailers.

Kevin Beaumont
@GossiTheDog@cyberplace.social

The LAPSUS$ weekend bender has been concluded, Telegram channel has been deleted.

Sentry23
@Sentry23@infosec.exchange

@GossiTheDog@cyberplace.social aaaw :(