The Analyst Prompt #06: Racoon Stealer Development Hiatus, Updates on LAPSUS$ and North Korean State Backed Operations - News Summed Up


Okta suspects LAPSUS$ gained access to a support engineer’s laptop between 16th and 21st January 2022 (1). According to Microsoft, LAPSUS$ typically focuses on compromising user identities of the targeted organization for initial access. After gaining initial access, LAPSUS$ focuses on extending its access within the network by enumerating credentials for higher privileged users and exploiting unpatched vulnerabilities on internally accessible servers. The City of London Police in late March arrested seven teenagers related to the LAPSUS$ group, including a 16-year-old from Oxford, who is accused of being one of the leaders of LAPSUS$ (5).

Exploit Tools and Targets: State-Backed North Korean Groups Exploit Chrome Vulnerability

Two North Korean state-backed groups (8) exploited CVE-2022-0609, a remote code execution (RCE) vulnerability in Chrome (9).


Source: CNN April 05, 2022 15:54 UTC


