"A cybersecurity incident". This is how Uber reported a hack on the night of September 15-16. The American company of VTC revealed more information on this cyberattack, publishing on its site, Monday evening, September 19, a first report returning to this intrusion and this data leak of which it was the victim.
Uber attributes the attack to the cybercriminal group Lapsus$. This group of South American hackers, active since the end of 2021, was particularly aggressive at the beginning of 2022, claiming in particular the hacking of Microsoft, Okta, Nvidia and Samsung, before several arrests in the United Kingdom in April brought these hackers to a halt. Lapsus$'s communication methods are somewhat unusual, as mentioned by 01net.com. Everything happens in a Telegram channel, with unorthodox claims.
As Le Monde reports, Uber believes that the techniques that allowed hackers to compromise its system are similar to those previously employed by Lapsus$. The hack came to light after a message from the malicious hacker leaked on one of the company's channels on Slack, an online collaborative platform. The attacker(s) then reconfigured Uber's OpenDNS, a service that automatically corrects domain names entered by the user and blocks certain categories of domain names, to display an image to employees on some internal sites.
According to the New York Times and cybersecurity experts, a hacker who says he is 18 obtained access codes to Uber's internal network by texting an employee of the firm and claiming to be a member of the company's IT staff, which persuaded the employee to reveal his password. However, as ZDNet.com reports, Uber clarified on Monday that the hacker(s) gained access using the credentials of a third-party contractor. "It is likely that the attacker bought the contractor's Uber password on the Dark Web," said the American company, after the contractor's personal device had been infected with malware.
Uber says that the attacker(s) then managed to bypass multi-factor authentication by repeating login attempts until the victim mistakenly approved the authentication request. Once inside the system, the attacker(s) targeted the accounts of other users until they reached a level of privilege high enough to access corporate resources.
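A detection sketch for the pattern described above (a burst of unanswered or refused MFA prompts that ends in an approval), as an added example that is not taken from Uber's report. The event format, field names, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push events: (timestamp, user, source_ip, result).
# The tuple layout is an assumption; map your identity provider's log fields onto it.
SAMPLE_EVENTS = [
    ("2024-01-10T22:01:05", "contractor1", "203.0.113.7", "denied"),
    ("2024-01-10T22:02:10", "contractor1", "203.0.113.7", "timeout"),
    ("2024-01-10T22:03:40", "contractor1", "203.0.113.7", "denied"),
    ("2024-01-10T22:04:15", "contractor1", "203.0.113.7", "timeout"),
    ("2024-01-10T22:06:30", "contractor1", "203.0.113.7", "approved"),
    ("2024-01-10T09:00:00", "alice", "198.51.100.4", "timeout"),
    ("2024-01-10T09:00:45", "alice", "198.51.100.4", "approved"),
    ("2024-01-10T23:30:00", "contractor1", "203.0.113.7", "approved"),
]


def detect_push_fatigue(events, window=timedelta(minutes=10), min_unapproved=3):
    """Flag approvals preceded by at least `min_unapproved` denied or timed-out
    pushes for the same user within `window`. Thresholds are illustrative."""
    recent = defaultdict(deque)  # user -> timestamps of recent unapproved pushes
    alerts = []
    # ISO 8601 timestamps in one format sort chronologically as strings.
    for ts_raw, user, ip, result in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        queue = recent[user]
        # Drop unapproved pushes that fell out of the sliding window.
        while queue and ts - queue[0] > window:
            queue.popleft()
        if result == "approved":
            if len(queue) >= min_unapproved:
                alerts.append({"user": user, "approved_at": ts_raw,
                               "source_ip": ip, "unapproved_before": len(queue)})
            queue.clear()  # an approval ends the current burst
        else:
            queue.append(ts)
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

An alert of this kind is a cue to revoke the session and contact the user through a separate channel before the approved login is used further.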
In its report, Uber also gives an estimate of the data stolen by the perpetrator(s) of the attack. The ride-hailing platform found that messages posted on its internal Slack had been downloaded, as well as information available through the software used by the accounting team to process invoices. Uber, however, says the group of hackers does not appear to have infiltrated publicly accessible systems, user accounts or databases storing sensitive user information, such as payment data.
Uber also notes that the hack that targeted Rockstar Games, the publisher of the famous video game Grand Theft Auto (GTA) 6, on Sunday follows a similar pattern. Rockstar Games has admitted that videos of the next installment of the cult saga, currently in development, were stolen and posted online this weekend.
“We recently experienced a computer breach in which an unauthorized third party illegally accessed and downloaded confidential information on our systems, including images from the upcoming Grand Theft Auto,” the studio tweeted.
The specialist site PC Gamer noted that a file containing some 90 videos of GTA 6 was published on player forums. The person who posted them under the pseudonym "teapotuberhacker" then claimed to also be responsible for the Uber hack last week and promised to "leak more information soon" about the game.
The videos notably show a new female character that players could choose. The Bloomberg agency had indicated earlier this year that GTA 6 should feature a female protagonist influenced by the legendary American couple Bonnie and Clyde.