
Google confirms hackers gained access to law enforcement portal



Google has confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) platform, which law enforcement uses to submit official data requests to the company.

“We have now recognized that a fraudulent account was created in our system for law enforcement requests and have disabled the account,” Google told BleepingComputer.

“No requests have been made with this fraudulent account, and no data was accessed.”

The FBI declined to comment on the threat actor’s claims.

This statement comes after a group of threat actors calling itself “Scattered Lapsus$ Hunters” claimed on Telegram to have gained access to both Google’s LERS portal and the FBI’s eCheck background check system.

The group posted screenshots of their alleged access shortly after announcing on Thursday that they were “going dark.”

Screenshot shared by threat actors

The hackers’ claims raised concerns as both LERS and the FBI’s eCheck system are used by police and intelligence agencies worldwide to submit subpoenas, court orders, and emergency disclosure requests.

Unauthorized access could allow attackers to impersonate law enforcement and gain access to sensitive user data that should normally be protected.

The “Scattered Lapsus$ Hunters” group, which claims to consist of members linked to the Shiny Hunters, Scattered Spider, and Lapsus$ extortion groups, is behind widespread data theft attacks targeting Salesforce data this year.

The threat actors initially used social engineering scams to trick employees into connecting Salesforce’s Data Loader tool to corporate Salesforce instances, which was then used to steal data and extort companies.

The threat actors later breached Salesloft’s GitHub repository and used Trufflehog to scan for secrets exposed in the private source code. This allowed them to find authentication tokens for Salesloft Drift, which were used to conduct further Salesforce data theft attacks.

These attacks have impacted many companies, including Google, Adidas, Qantas, Allianz Life, Cisco, Kering, Louis Vuitton, Dior, Tiffany & Co, Cloudflare, Zscaler, Elastic, Proofpoint, JFrog, Rubrik, Palo Alto Networks, and many more.

Google Threat Intelligence (Mandiant) has been a thorn in the side of these threat actors, being the first to disclose the Salesforce and Salesloft attacks and warning companies to shore up their defenses.

Since then, the threat actors have been taunting the FBI, Google, Mandiant, and security researchers in posts to various Telegram channels.

Late Thursday night, the group posted a lengthy message to a BreachForums-linked domain, causing some to believe the threat actors were retiring.

“Because of this we’ve determined that silence will now be our energy,” wrote the threat actors.

“You may even see our names in new databreach disclosure reports from the tens of other multi billion dollar companies that have yet to disclose a breach, as well as some governmental agencies, including highly secured ones, that doesn’t mean we’re still active.”

However, cybersecurity researchers who spoke with BleepingComputer believe the group will continue conducting attacks quietly despite their claims of going dark.

