Lapsus$ hackers took SIM-swapping attacks to the next level

The U.S. government released a report analyzing the simple techniques, such as SIM swapping, that the Lapsus$ extortion group used to breach dozens of organizations with a strong security posture.
The group used SIM swapping to gain access to a target company's internal network and steal confidential information like source code, details about proprietary technology, or business and customer-related documents.
In a SIM-swapping attack, the threat actor steals the victim's phone number by porting it to a SIM card owned by the attacker.
According to the CSRB's findings, the group paid as much as $20,000 per week to access a telecommunications provider's platform and perform SIM swaps.
While Lapsus$ was characterized by effectiveness, speed, creativity, and boldness, the group was not always successful in its attacks.
Despite security researchers and experts decrying for years the use of SMS-based authentication as insecure, DHS' Cyber Safety Review Board highlights that "Most organizations were not prepared to prevent" the attacks from Lapsus$ or other groups employing similar tactics.