An Unfortunate Security Breach
It turns out criminals have figured out a way to sneak into Google’s system, specifically its Law Enforcement Request System (LERS), where police and government agencies go to get information on Google users.
A Google rep spoke to The Register recently, saying, “We have discovered that a fake account was created in our system to make law enforcement requests, and we’ve gone ahead and disabled it. Luckily, no requests were made, nor any data accessed with this bogus account.”
This acknowledgment came on the heels of some posts on BreachForums by a group known as Scattered Lapsus$ Hunters. This crew is believed to consist of members from well-known cybercrime gangs, including Scattered Spider, ShinyHunters, and Lapsus$. Not too long ago, just after they appeared to take a step back from their ransomware activities, they published screenshots suggesting access to both Google’s LERS and the FBI’s National Instant Criminal Background Check System (NICS). The FBI has yet to comment on these significant claims.
These groups thrive on the limelight and seem eager to taunt both law enforcement and the threat hunting teams at Mandiant, a part of Google.
After they took responsibility for hacking early June incidents involving companies like Jaguar, M&S, Co-op, and Harrods, the Scattered Lapsus$ Hunters announced their retirement from the cybercrime scene just days ago.
In what they called a farewell post on Breachforums, the ransomware team expressed, “We’ve chosen to vanish from the scene,” while commending eight of their associates, arrested since April 2024, as mere “collateral damage in our fight for power.”
Concerns for their welfare weren’t necessary; as they stated, “Do not worry about us—we’re going to enjoy the sweet rewards from our previous exploits.” They implied that others would continue to research and enhance the systems integral to daily life, just more quietly. Photos encompassing the Google LERS and FBI’s NICS were shared with their tag positioned over the images.
Most security experts remain skeptical regarding their claims of retirement.
Karl Sigler, a security research manager at Trustwave SpiderLabs, shared with The Register his belief that this announcement might be more about diverting attention from mounting pressure from law enforcement than a genuine disbanding.
He mentioned the likelihood of a disruption within their operation previously, such as have some of their systems or communication lines been compromised. “Groups like Scattered Spider don’t just go away. They find a way to adapt,” he added.
