- Cybercriminals created a fraudulent account in the application application system
- User data was not accessed, but the violation raises concerns about defects in Google’s approval process
- The group behind the incident, dispersed Lapsus $ hunters, is linked to the main infractions of recent data and became “dark” shortly before publishing the screenshot
The cybercriminals managed to obtain their own account on the platform of the application system for application of the Google Law (LERS), the search engine giant confirmed to the media earlier this week.
Recently, the threat actors that are made for “Lapsus $ scattered hunters” published a new screenshot on their Telegram channel, supposedly showing an automated Google confirmation email.
“Google has created a new account of the application application system for the law (LERS) for you,” says screen capture.
Disabled the account
LERS is a sure online portal that Google specifically provides for the application agencies of the verified law. Through it, the police can send user data requests, such as citations, judicial orders or search warrants. Through this system, authorized officers can load documents, monitor the status of their requests and download the confidential data.
To get access to Lers, Google must approve pre -approved. Simply having an email address of the agency will not be enough: they must be added to Google’s approved list, which raises the question: how did criminals do? Google’s approval system is defective or criminals managed to impersonate the law personnel.
After the news broke, Bleepingcomputer He hires both Google and FBI, and although the latter declined to comment, Google confirmed the statements of the cybercriminals:
“We have identified that a fraudulent account was created in our system for applications for the application of the law and we have disabled the account,” Google told the publication. “There were no requests with this fraudulent account, and no data was accessed.”
Dispersed Laps $ Hunters is a threat actor created after three groups, Sptered Spider, Lapsus $ and Shinyhunters, merged into one. It is suspected that the group is behind some of the largest data infractions this year, including the Drift AI/Salesloft incident that affected dozens of large technology companies.
Meros days before publishing this screenshot, the group announced that it was going to “oscillate”, that some threat actors interpreted as a sign of fear about the imminent consequences of recent attacks.
Through Bleepingcomputer
