Lapsus$ attacks: First Uber then Rockstar Games

Lapsus$ attacks: First Uber then Rockstar Games

Share post

After the ride-hailing service Uber, Rockstar Games has now also fallen victim to a hacker attack. Like the Uber attack, this attack can also be assigned to the Lapsus$ ransomware group. Sophos specialists comment on the new attack.

The video game manufacturer Rockstar Games recently confirmed a cyber attack in which, among other things, 3 GB of video material from the upcoming blockbuster game "Grand Theft Auto VI" was stolen. While further details have yet to be awaited, the attacker claims to represent the same group that breached Uber's internal systems late last week; meanwhile, Uber attributes the attack to the cybercriminal group LAPSUS$.

Same attack - different attack paths

In the case of Uber, the first breach occurred after the attackers bought a contractor's company password on the dark web. By bypassing the contractor's multi-factor authentication (a growing problem, Sophos recently reported), the attacker was then able to gain access to employees' internal communication channels, such as Slack. Little is known about the Rockstar Games attack strategy, but the attacker also claims that Slack served as a backdoor.

Chester Wisniewski, Principal Research Scientist at Sophos, comments on the attacks: “The attacks on Uber and Rockstar Games feel like we are reliving the Lapsus$ attacks of late 2021 and early 2022. And indeed Uber just blamed the Lapsus$ group for the breach.

Social Engineering Attacks

While the 2021 cyberattack on interactive entertainment giant Electronic Arts began with criminals using stolen cookies to infiltrate its Slack channel in July 2021, the Uber breach appears to have started with another method of bypassing the multinational -Factor authentication using social engineering was used to gain access to Slack. Once again, the saying goes that the chain of security is only as strong as its weakest link – and all too often that is the people.

It is unclear at this point what made the initial compromise at Rockstar Games possible. But a group claiming to be the same hacker as Uber posted in-game footage of "GTA VI" and claimed the attack started with a social engineering attack similar to the attack on Uber. This is not surprising as it is an incredibly effective early compromise technique and exploits trust in privileged insiders.

The much too fast way to the insider

Safety is a system, and it needs redundancy no differently than an airplane or a spaceship. Accordingly, it must be designed to be fault-tolerant. In all of these cases, it seems to have been enough to gain access as a trustworthy insider in order to then meander through various systems with criminal intentions. Networks must be designed to verify an individual's identity and credentials when accessing a new or privileged realm.

While full details of the attacks are not yet known, they already serve as a good reminder to keep employees informed about the security culture and once again demonstrate the importance of implementing additional authentication for users in sensitive areas. Social engineering can bypass certain multi-factor authentication solutions, so it's definitely worth implementing stricter policies for access to critical systems.”

More at


About Sophos

More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.


Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

BSI sets minimum standards for web browsers

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. You can remember that ➡ Read more

Stealth malware targets European companies

Hackers are attacking many companies across Europe with stealth malware. ESET researchers have reported a dramatic increase in so-called AceCryptor attacks via ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more

AI on Enterprise Storage fights ransomware in real time

NetApp is one of the first to integrate artificial intelligence (AI) and machine learning (ML) directly into primary storage to combat ransomware ➡ Read more

FBI: Internet Crime Report counts $12,5 billion in damage 

The FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which includes information from over 880.000 ➡ Read more