Hackers created a fake account on Google's law enforcement portal.
Google representatives reported that hackers created a fake account on the Law Enforcement Request System (LERS), the company's platform used by law enforcement agencies to submit official requests for data.
According to Bleeping Computer, late last week, members of the hacker groups Scattered Spider, LAPSUS$, and Shiny Hunters (who claim to have merged and now call themselves Scattered LAPSUS$ Hunters) announced on Telegram that they had gained access to both Google's LERS portal and the FBI's background check system, eCheck.
LERS and eCheck are used by police and intelligence agencies around the world to submit subpoenas, orders, and requests for urgent disclosure of information. Unauthorized access to these systems allowed the attackers to impersonate law enforcement officers and access sensitive user data.
[td]"We determined that a fraudulent account had been created in our law enforcement request system and have disabled it," a Google spokesperson told reporters. "No requests were made using this fraudulent account. No data was accessed."[/td]
The FBI declined to comment on the attackers' claims.
It was noted that the hackers published screenshots of the allegedly obtained access shortly after announcing their intention to "go dark." Earlier this year, Scattered LAPSUS$ Hunters gained considerable attention after conducting large-scale attacks on Salesforce.
Initially, the attackers used social engineering, tricking employees into connecting the Data Loader tool to corporate Salesforce instances, which they then used to steal data and commit extortion. Later, the hackers compromised Salesloft
's GitHub repository and used Trufflehog to find secrets in private source code. This allowed them to find authentication tokens for Salesloft Drift, which were used for further attacks and the subsequent mass theft of Salesforce data. The fact is that Google Threat Intelligence (Mandiant) specialists were the first to notice what was happening, drew attention to the attacks on Salesforce and Salesloft , and warned everyone about the need to strengthen their defenses. After that, the hackers began regularly ridiculing the FBI, Google, Mandiant, and information security researchers in posts on their Telegram channels. Now, Scattered LAPSUS$ Hunters have published a lengthy message on a domain associated with BreachForums, announcing that they are ceasing their operations.
[td]"We've decided that from now on, our strength lies in silence," the attackers wrote. "You'll still see our names in data breach reports from dozens of multi-billion dollar companies that haven't yet acknowledged the hack, as well as some government agencies, including highly secure ones. But that doesn't mean we're still active."[/td]
However, information security specialists Bleeping Computer spoke with believe the group will continue to carry out attacks more covertly, despite its announcements of ceasing operations.