Skepticism Surrounds Announcement from Cybercriminal Group

A group of teenage hackers, known for targeting airlines, insurance firms, and casinos in both the United Kingdom and United States, has announced the cessation of their activities. Their declaration raises eyebrows within the cybersecurity community, especially given their previous high-profile exploits.
The group, identified as Scattered Lapsus$, posted a somewhat unclear message on their communication channel, declaring their intent to “go dark” after a reported 72 hours of silence. Notably, they recently targeted British automaker Jaguar Land Rover, disrupting the company’s global operations.
In their parting statement, the group claimed, “We LAPSUS$, Trihash, Yurosh, Yaxsh, WyTroZz, N3z0x, Nitroz, TOXIQUEROOT, Prosox, Pertinax, Kurosh, Clown, IntelBroker, Scattered Spider, Yukari, and others, have decided to go dark. Our objectives have been fulfilled, and now it is time to say goodbye.”
Scattered Lapsus$ claims to have successfully breached Google on multiple occasions and to have undermined the security framework of firms like Salesforce and CrowdStrike. They further threatened to disclose sensitive data from luxury brands and airlines, though they insist that future data leaks do not indicate active operations.
This group is part of a decentralized hacking collective referred to as “The Community” or “The Com,” which has been implicated in attacks against over 130 corporations, including MGM Resorts, Clorox, and cryptocurrency exchange Coinbase. Their modus operandi revolves around tactics such as SIM-swapping and phishing, often impersonating IT personnel to bypass multi-factor authentication.
Recently, law enforcement’s increased scrutiny has resulted in arrests linked to these cyber activities. Key group member Noah Michael Urban, aged 20, was sentenced to ten years in federal prison after pleading guilty. In another development, British authorities detained four individuals suspected of involvement in the Marks & Spencer and Co-op breaches, while Canadian law enforcement apprehended Alexander Moucka on charges related to data theft potentially linked to Scattered Spider.
The announced hiatus from operations could signal internal turmoil or a strategic rebranding effort, according to cybersecurity experts. Cian Heasley, a principal consultant at Acumen Cyber, speculated that this move may reflect disagreements on navigating increasing legal risks, which suggests a possible regrouping rather than a conclusive end to their activities.
Christiaan Beek, a senior director at Rapid7, characterized the announcement as likely tactical, intended to diminish visibility while evaluating responses. He cautioned that unless significant indicators of their operational status emerge, such as prolonged silence or the disappearance of known members, the declaration might not accurately reflect their ongoing capabilities.
This situation underscores the evolving landscape of cyber threats and emphasizes the importance of ongoing vigilance among businesses. With tactics employed by groups like Scattered Lapsus$ often falling within categories outlined by the MITRE ATT&CK framework—such as initial access, persistence, and privilege escalation—organizations must focus on strengthening their defenses against the increasingly sophisticated methods employed by these adversaries.