Lapsus$
Coverage of Lapsus$ in the Nexus archive.
- Pink is the latest goon squad to use fake helpdesk calls to steal creds
Pink, a new extortion group possibly rebranded from BlackFile, uses voice phishing and fake helpdesk calls to steal credentials and extort organizations. Palo Alto Networks' Unit 42 and Google Threat Intelligence debate whether Pink is a new threat or an evolution of UNC6671, with similar tactics to groups like Lapsus$ and Scattered Spider.
- Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data
Checkmarx, an application security company, confirmed that the LAPSUS$ threat group leaked data from its private GitHub repository. The incident involves stolen code or sensitive information from the company's internal systems.
- Ongoing supply-chain attack 'explicitly targeting' security, dev tools
Checkmarx, a software security testing company, has been targeted in a supply-chain attack by the Lapsus$ group, which claimed to have leaked their source code and sensitive data from a GitHub repository. The breach highlights ongoing attacks explicitly targeting security and development tools.
- Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
The article discusses expanding supply chain attacks attributed to TeamPCP, with ShinyHunters and Lapsus$ now involved in the breaches and claiming credit. This infighting among hackers complicates incident response for affected organizations.