Uber Technologies said that a hacker linked to the Lapsus$ group was recently involved in an attack on the company’s IT systems. The group rose to prominence last year for conducting a series of successful attacks on the information systems of major corporations, including NVIDIA, Microsoft, Samsung and Vodafone. Earlier this year, London police arrested several Lapsus$ members, all teenagers.
This incident happened a few days before the Rockstar Games attack, in which the attacker stole a large number of gameplay videos and the source code of the GTA VI game. Common to both incidents is the fact that the hacker who attacked Rockstar said he was the one who successfully hacked into Uber’s internal network a few days ago.
Uber is reportedly continuing to investigate the cybersecurity incident with the FBI and the US Department of Justice. Before the attack, the attacker is believed to have stolen the Uber contractor’s corporate data, having previously attacked its systems. The hacker then tried again and again to log into the company’s internal network with stolen data, but thanks to two-factor authentication, this was unsuccessful because the compromised employee rejected authentication requests.
Ultimately, the employee accepted the authentication request, giving the attacker access to Uber’s internal systems. He was later able to access the recordings of some of the company’s other employees, as well as internal tools like G Suite and Slack. It is noted that the hacker discovered himself by writing a message about the hack directly in the Uber corporate chat in Slack. After that, Uber management temporarily banned employees from using compromised systems. The company determined that the hacking did not affect the confidential data of the company’s customers. The investigation into the incident is ongoing.