Lapsus$ Targeting SharePoint, VPNs and Virtual Machines

This article has been indexed from

CySecurity News – Latest Information Security and Hacking Incidents

NCC Group on Thursday released a report in which it has described the techniques and tactics of the highly unpredictable Lapsus$ attacks, along with how Lapsus$ attacks are launched and what makes it such a unique group. 
The group currently gave up its operation following the arrests of alleged members in March. The attacks launched by the group remain confusing in both their motives and their methods. The group is known for targeting world-famous companies including Microsoft, Nvidia, Okta, and Samsung. 
According to the report, Lapsus$ used stolen authentication cookies, specifically ones used for SSO applications, to initially get access into targeted systems. With this, the threat actors also scraped Microsoft SharePoint sites used by target organizations to get credentials within technical documentation. 
“Credential harvesting and privileged escalation are key components of the LAPSUS$ breaches we have seen, with the rapid escalation in privileges the LAPSUS$ group has been seen to elevate from a standard user account to an administrative user within a couple of days,” the report said. 
Following the report, it has been learned that a major goal of the group is to exploit corporate VPNs, capitalizing on their increased use of them over the last few years. 
“A

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: