Uber blames hacking group Lapsus$ for cyber attack – On Monday Uber disclosed more details related to the security incident that happened last week, pinning the attack on a threat actor it believes is affiliated to the notorious LAPSUS$ hacking group, (UBER) said the attackers first gained access to the company’s systems when they successfully convinced a contractor to grant a multi-factor authentication challenge. The contractor’s network password had likely been obtained separately on a dark web marketplace
“From there, the attacker accessed several other employee accounts which ultimately gave the attacker elevated permissions to a number of tools, including G-Suite and Slack,” the blog post said. “The attacker then posted a message to a company-wide Slack channel, which many of you saw, and reconfigured Uber’s OpenDNS to display a graphic image to employees on some internal sites.”
Uber linked the cybersecurity incident it disclosed last week to hackers affiliated with the Lapsus$ gang, a group accused of numerous high-profile corporate data breaches. The company also said the attackers were able to download or access company Slack messages and invoice-related data from an internal tool.
The attacker did not access user-facing systems, user accounts, databases containing personal information or the code that powers Uber’s products, the company said. But it added the investigation is continuing in coordination with law enforcement and multiple cybersecurity firms.
Uber said it was “likely” that a hacker affiliated with Lapsus$ purchased the contractor’s password on the dark web. “The attacker then repeatedly tried to log in to the contractor’s Uber account,” the company said. “Each time, the contractor received a two-factor login approval request, which initially blocked access. Eventually, however, the contractor accepted one, and the attacker successfully logged in.”
The blog post marks the first time Uber has publicly attributed the incident to the Lapsus$ gang, which targeted Microsoft earlier this year and is also accused of attacking Nvidia and Okta, Samsung and other companies.
Uber added that in response to the breach, it is strengthening its multifactor authentication policies and has reset employee access to internal tools.
News from snbc13.com