A hacking group named “Scattered Lapsus$ Hunters” claimed on Telegram to have successfully breached Google’s Law Enforcement Request System (LERS), a portal used by police and intelligence agencies around the world to submit requests for user data. In response, Google confirmed that a fraudulent account had been created within the LERS platform. Google was quick to clarify that it had disabled the account and that no data was accessed and no requests were made. This incident highlights a serious vulnerability, as unauthorized access to the LERS portal could allow attackers to impersonate law enforcement, potentially gaining access to sensitive user data. The FBI has declined to comment on the hackers’ claims.
The group claiming responsibility, “Scattered Lapsus$ Hunters,” says it is made up of members of other notorious hacking groups, including Shiny Hunters, Scattered Spider, and Lapsus$. This collective has been linked to a series of widespread data theft attacks this year, primarily targeting Salesforce data. Their methods initially involved social engineering, where they tricked employees into connecting a data tool to corporate Salesforce instances to steal data and extort companies. The group’s actions have since escalated to more sophisticated attacks.
In a recent attack, the hackers breached Salesloft’s GitHub repository. They then used a tool to scan the private source code for authentication tokens. This allowed them to find credentials for a third-party service, which they used to conduct further data theft attacks against Salesforce. These attacks have impacted a long list of major corporations, including well-known names like Google, Adidas, Cisco, and Louis Vuitton.
Google Threat Intelligence, also known as Mandiant, has actively worked against these attackers. Mandiant was the first to expose the Salesforce and Salesloft attacks, warning companies to enhance their security defenses. This has made them a target of the hacking group, which has since been taunting the FBI, Google, and Mandiant on various public forums.
Despite the hackers’ recent claims of “going dark” and even retiring in a lengthy online post, cybersecurity experts who have been tracking the group believe they will continue their attacks quietly. Their public statements appear to be a tactic to throw off law enforcement and security researchers. As such, the threat from this group remains active and poses a risk to companies that handle sensitive data.