Homepage

Portfolio

Services

Gallery

About

Clients

Testimonials

Blog

Contact

Terms and conditions

Privacy Policy

Changelog
Karuso portfolio Webflow template

Template's Overview

Email us

Call us

powered by weflow

Made by metrik

Lapsus$ Group

Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained “limited access” to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach.

“No customer code or data was involved in the observed activities,” Microsoft’s Threat Intelligence Center (MSTIC) said, adding that the breach was facilitated by means of a single compromised account that has since been remediated to prevent further malicious activity.

Identity and access management company Okta, which also acknowledged the breach through the account of a customer support engineer working for a third-party provider, said that the attackers had access to the engineer’s laptop during a five-day window between January 16 and 21, but that the service itself was not compromised.

“In the case of the Okta compromise, it would not suffice to just change a user’s password,” web infrastructure company Cloudflare said in a post mortem analysis of the incident. “The attacker would also need to change the hardware (FIDO) token configured for the same user. As a result, it would be easy to spot compromised accounts based on the associated hardware keys.”

LAPSUS$, which first emerged in July 2021, has been on a hacking spree in recent months, targeting a wealth of companies over the intervening period, including Impresa, Brazil’s Ministry of Health, Claro, Embratel, NVIDIA, Samsung, Mercado Libre, Vodafone, and most recently Ubisoft.

The financially motivated group’s modus operandi has been relatively straightforward: break into a target’s network, steal sensitive data, and blackmail the victim company into paying up by publicising snippets of the stolen data on their Telegram channel.

Other tactics adopted by the crew include phone-based social engineering schemes such as SIM-swapping to facilitate account takeover, accessing personal email accounts of employees at target organizations, bribing employees, suppliers, or business partners of companies for access, and intruding in the ongoing crisis-response calls of their targets to initiate extortion demands.

To mitigate such incidents, Microsoft is recommending organisations to mandate multi-factor authentication (but not SMS-based), make use of modern authentication options such as OAuth or SAML, review individual sign-ins for signs of anomalous activity, and monitor incident response communications for unauthorized attendees.

If you would like any advice or would like to know more about our services, please email security@valkyrie.co.uk or telephone 02074 999 323.

Valkyrie Updates

News

Stay informed with the latest insights, expertise and innovations in the world of security with Valkyrie’s news, reports and white papers

July 26, 2024

Action Needed to Combat Online Exploitation

The alarming rise in online child grooming crimes has reached a record high, highlighting an urgent need to protect children online. Valkyrie’s Director of Cyber and Electronic Countermeasures, Gurpreet Thathy, has been working in this field since 2008 and was involved in Operation Notarise in 2014, investigating and tackling organised grooming gangs. Even back then, […]
July 18, 2024

Exciting News: Quantum Group Acquires Forensic Control!

Quantum Group, the Parent Company of Valkyrie, is thrilled to announce the acquisition of Forensic Control. Forensic Control, a leading specialist in cyber security and digital forensics, is renowned for making the complex world of cyber security clear and manageable. This strategic acquisition not only strengthens our existing service portfolio but also expands our capabilities […]
July 12, 2024

Total Protection

Valkyrie’s Director of Cyber Security and Electronic Countermeasures, Gurpreet Thathy, has been engaged in a variety of tasks over the past few weeks. These include training sessions in Scotland, cyber assessments in Devon, and TSCM and forensic work in London and Birmingham. However, yesterday, Gurpreet joined our esteemed colleague, Neal Gozzett of Monan Gozzett LLP, […]
July 05, 2024

Safeguarding Personal Information Post-Incident

With the increasing integration of technology into our daily lives, personal security breaches have become alarmingly common. Where it was once standard to have separate devices for personal and work use, it is now the norm to rely on a single device for everything. This convenience is offset by the potentially devastating consequences of a […]
June 21, 2024

Wi-Fi Jammers and Unauthorised Surveillance

Criminals are increasingly using sophisticated technology to target victims. Staying aware of these trends is essential to ensuring your security, that of your family, and that of your property. A particularly concerning development involves using Wi-Fi jammers to deactivate home security systems and mobile phones. These devices block the radio signals used for communication, posing […]

RF Jammers
June 14, 2024

Valkyrie update

Over the past few weeks, the Valkyrie team has tackled a variety of challenging and unique projects that required our full range of investigative and security expertise. One recent highlight was a comprehensive surveillance training program. The team relocated from London for three weeks to deliver intensive training on covert surveillance techniques, covering theoretical, practical, […]

Email us

security@valkyrie.co.uk

(Response within 24 hours)

Call us

+44 (0)20 7499 9323

(24/7 - 365 days a year)

Visit us

15 Belgrave Square, London
SW1X 8PS, UK

(0900 to 1700 Monday - Friday)

© 2024
|

Made by