Uber attributes its hack to the Lapsus$ group

The company has revisited the data leak it suffered last week. It blames the Lapsus$ group, which it says is also responsible for the data leak that targeted Rockstar Games, publisher of “GTA 6”.

Le Monde

Uber, the latest victim of the Lapsus$ group? On the evening of Monday, September 19, the American ride-hailing company published on its website a first report on the intrusion and data leak it suffered on the night of September 15 to 16. In it, Uber attributes the attack on its computer systems to a hacker linked to this cybercriminal group, known for having targeted several large technology companies at the beginning of 2022.

Uber believes that the techniques that allowed the hackers to compromise its systems are similar to those previously used by Lapsus$. It also notes that the hack that targeted Rockstar Games, publisher of the video game GTA 6, on Sunday follows a similar pattern.

According to Uber’s analysis, the intrusion started with the compromise of an external contractor working for the company. “It is likely that the attacker bought the contractor’s Uber password on the dark web,” says Uber, which specifies that the attacker or attackers managed to get around multifactor authentication by repeating login attempts until the victim mistakenly approved an authentication request. Once inside, the attacker or attackers targeted other users’ accounts until they reached a level of privilege high enough to access the company’s resources, including G-Suite and the internal Slack messaging system. Along the way, the attackers took the opportunity to “reconfigure Uber’s OpenDNS to display a shocking image visible to employees on certain internal sites”.
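The sign-in pattern described above, a run of rejected or ignored authentication requests ending in a single approval, can be searched for in MFA logs. The following is an added example, not part of the original article or of Uber's report; the log format, event names, user names, thresholds and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA log (hypothetical format): timestamp, user, push result.
SAMPLE_LOG = """\
2024-01-10T22:01:10Z user_a push_denied
2024-01-10T22:02:05Z user_a push_timeout
2024-01-10T22:03:40Z user_a push_denied
2024-01-10T22:04:15Z user_b push_timeout
2024-01-10T22:04:50Z user_b push_approved
2024-01-10T22:05:20Z user_a push_timeout
2024-01-10T22:07:02Z user_a push_denied
2024-01-10T22:09:31Z user_a push_denied
2024-01-10T22:11:48Z user_a push_approved
"""

FAILED = {"push_denied", "push_timeout"}


def parse_line(line):
    """Split one log line into (datetime, user, result)."""
    ts, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result


def find_push_fatigue(log_text, min_failures=5, window=timedelta(minutes=30)):
    """Return (user, approval_time, failures) for every approved push that
    follows at least min_failures denied or timed-out pushes within window."""
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    recent = defaultdict(deque)  # user -> timestamps of recent failed pushes
    alerts = []
    for ts, user, result in events:
        failures = recent[user]
        while failures and ts - failures[0] > window:
            failures.popleft()  # forget failures older than the window
        if result in FAILED:
            failures.append(ts)
        elif result == "push_approved":
            if len(failures) >= min_failures:
                alerts.append((user, ts, len(failures)))
            failures.clear()  # a new sign-in sequence starts after an approval
    return alerts


if __name__ == "__main__":
    for user, ts, count in find_push_fatigue(SAMPLE_LOG):
        print(f"{user}: approval at {ts.isoformat()} after {count} failed pushes")
```

A single timed-out push followed by an approval, as for `user_b` in the sample, is ordinary behaviour and is not flagged; only the approval that ends a burst of failed requests is.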

More fear than harm

In its report, Uber also gives a first estimate of the data stolen by the attacker or attackers: the company found that messages posted on its internal Slack had been downloaded, as well as information available through a software tool used by the accounting team to process invoices. The attackers also reportedly had access to the control panel of HackerOne, the program Uber uses to reward security researchers who report flaws in its applications. But the company specifies that the reports they were able to access had already been dealt with by its teams, and that the intruders could not learn of any unresolved flaws.

Finally, the company reassures its users by insisting that no user data was affected, nor was any bank card data. Likewise, Uber verified that no changes had been made to the source code of its applications. Company officials also detailed the security measures taken to ensure that the perpetrators of the attack no longer have access to the company’s internal tools.

Uber says it is working closely with the FBI and the US Department of Justice, as well as with several cybersecurity firms, as part of the investigation.

The Lapsus$ group, or someone close to the group, is also suspected of being behind the hack of Rockstar Games, developer of the successful video game series Grand Theft Auto. The method used against Uber and against Rockstar Games is indeed similar to that of numerous attacks attributed to the Lapsus$ group, which has been active since the end of 2021 and was particularly active in March 2022: it claimed the hacks of Microsoft, Okta, Nvidia and Samsung. The announcement of several arrests in Great Britain in April had put a stop to the group’s activities. Two teenagers were charged at the time.
