Analysis The Lapsus$ cyber-crime gang, believed to be based in Brazil, until recently was best known for attacks on that country’s Ministry of Health and Portuguese media outlets SIC Noticias and Expresso.
However, the gang is climbing up the ladder, swinging at larger targets in the tech industry. Over the past few weeks, those have included Nvidia, Samsung, and Argentine online marketplace operator Mercado Libre. Now, Lapsus$ is suspected of attacking game developer Ubisoft.
Lapsus$ in February compromised Nvidia, stealing a terabyte of data that included proprietary information and employee credentials, and dumping some of the data online. The crew also demanded the GPU giant remove limits on crypto-coin mining from its graphics cards, and open-source its drivers.
Days later, the group broke into Samsung, hoping to unlock the secrets of its TrustZone secure environment, and eventually leaked almost 200GB of data, including algorithms related to its biometric technologies, source code for bootloaders, activation servers, and authentication for Samsung accounts, and source code given to chip-designing partner Qualcomm.
Ubisoft, whose games include Assassin’s Creed, Prince of Persia and Watch Dogs, last week said in a brief statement it had “experienced a cyber security incident that caused temporary disruption to some of our games, systems, and services. Our IT teams are working with leading external experts to investigate the issue.”
The development house added that all of its games and services were operating as normal despite the attack. The online criminals have reportedly claimed the disruption was their work.
The attacks on Nvidia, Samsung, and seemingly Ubisoft represent a sharp upward turn in terms of the size of Lapsus$’s targets.
Cybersecurity experts describe a still-maturing cybercriminal group that is testing its capabilities with a range of different attack methods – from data…