@GossiTheDog@cyberplace.social
What a time to be alive
Tl;dr of the Scattered Spider LAPSUS$ chat aka fuckmandiantunit221bcr0wdshart is:
- they've owned a lot of big companies by phoning them up and asking for access - this includes orgs who haven't disclosed their incidents
- they also appear to have an Oracle WebLogic exploit (unclear if zero day) and a SAP Netweaver exploit and used that to get inside orgs
- They appear to also be (or owned) ShinyHunters ransomware, as they include internal ShinyHunter emails and IMs.
@GossiTheDog@cyberplace.social
It has strong rings of former LAPSUS$ activity due to a range of things, including many of the same victim orgs, screenshots from historic incidents 2021-2022 which weren't public, targeting Portuguese speaking orgs again, staying up to 4am, the lingo, UK links etc.
They also appear to be targeting the UK justice system network, goading the NCA and going after more retailers.