Ransomware, Threat Management, Threat Management

FBI asks public for help finding Lapsus$ extortion group

The FBI has asked for public help finding the extortionist group Lapsus$.

"On March 21, 2022, individuals from a group identifying themselves as Lapsus$ posted on a social media platform and alleged to have stolen source code from a number of United States-based technology companies. These unidentified individuals took credit for both the theft and dissemination of proprietary data that they claim to have illegally obtained. The FBI is seeking information regarding the identities of the individuals responsible for these cyber intrusions," writes the FBI in a newly issued wanted alert asking for tips, as well as a corresponding wanted poster.

The specific posts on March 21 dealt with potential breaches of LG and Microsoft. Those followed breaches at NVIDIA and Samsung, and were themselves followed by the announcement of a breach at Okta the next day. Since Okta, Lapsus$ has announced a breach at global IT developer Globant and have been tied to alleged 2021 breaches at Apple and Microsoft.

FBI wanted poster for Lapsus$.

The investigation into Lapsus$ is already an international affair. Seven alleged members of the Lapsus$ team were arrested in the United Kingdom last week, which corresponded with a post from the Lapsus$ group saying they had gone on vacation.

This week, after posting they were back from vacation, they added Globant documents to their official channel.

Globant, a Brazilian-based multinational, is the second wave of breaches with a potential Portuguese-language nexus. Lapsus$ had previously attacked Portuguese media groups. Emsisoft believes at least one member of the group speaks Brazilian Portuguese, which is distinct from the version spoken in Portugal.

In the Portuguese media case, Lapsus$ used access to official Twitter accounts and newsletters to claim that the president had been arrested for murder.

The FBI is asking that tips be sent to the FBI field office in San Francisco or the nearest American Embassy or Consulate.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.