Security News > 2023 > August > Two LAPSUS$ Hackers Convicted in London Court for High-Profile Tech Firm Hacks
Two U.K. teenagers have been convicted by a jury in London for being part of the notorious LAPSUS$ transnational gang and for orchestrating a series of brazen, high-profile hacks against major tech firms and demanding a ransom in exchange for not leaking the stolen information.
Central to pulling off the extortion schemes was their ability to conduct SIM swapping and prompt bombing attacks to gain unauthorized access to corporate networks after an extensive social engineering phase.
A recent report from the U.S. government found that the actors offered as much as $20,000 per week for access to telecommunications providers so as to carry out the SIM swap attacks.
"To execute fraudulent SIM swaps, LAPSUS$ obtained basic information about its victims, such as their name, phone number, and customer proprietary network information," the Department of Homeland Security's Cyber Safety Review Board said.
"LAPSUS$ learned the information through a variety of ways, including issuing fraudulent EDRs and using account takeover techniques, to hijack the accounts of telecommunications provider employees and contractors."
"It then performed fraudulent SIM swaps via the telecommunications provider's customer management tools. After executing the fraudulent SIM swaps, LAPSUS$ took over online accounts via sign-in and account recovery workflows that sent one-time links or MFA passcodes via SMS or voice calls."
News URL
https://thehackernews.com/2023/08/two-lapsus-hackers-convicted-in-london.html