"Lapsus$ Hackers Took SIM Swapping Attacks to the Next Level"

The US Department of Homeland Security (DHS) Cyber Safety Review Board (CSRB) released a report after analyzing the techniques, such as SIM swapping, used by the Lapsus$ extortion group to breach dozens of organizations with a strong security posture. In December 2022, a review of the group's operations began following a string of incidents attributed to or claimed by Lapsus$ after leaking proprietary data from alleged victims. Microsoft, Cisco, Okta, Nvidia, T-Mobile, Samsung, Uber, Vodafone, Ubisoft, and Globant are some organizations affected by the Lapsus$ group. Lapsus$ is a loosely organized group consisting primarily of teenagers from the UK and Brazil who acted between 2021 and 2022 for notoriety, financial gain, or fun. However, they also incorporated techniques of varying degrees of complexity with "flashes of creativity." This article continues to discuss the Lapsus$ hackers' SIM swapping attacks.

Bleeping Computer reports "Lapsus$ Hackers Took SIM Swapping Attacks to the Next Level"