Google confirms hackers created their own account in sensitive law enforcement portal


  • Cybercriminals created a fraudulent account on Google’s Law Enforcement Request System
  • No user data was accessed, but the breach raises concerns about flaws in Google’s approval process
  • The group behind the incident, Scattered Lapsus$ Hunters, is linked to major recent data breaches and went “dark” shortly before posting the screenshot

Cybercriminals managed to get their own account on the Google Law Enforcement Request System (LERS) platform, the search engine giant confirmed to the media earlier this week.

Recently, threat actors going by “Scattered Lapsus$ Hunters” posted a new screenshot in their Telegram channel, allegedly showing an automated confirmation email from Google.

“Google has created a new Law Enforcement Request System (LERS) account for you,” the screenshot says.

Disabled the account

LERS is a secure online portal that Google provides specifically for verified law enforcement agencies. Through it, the police can submit legal requests for user data, such as subpoenas, court orders, or search warrants. Authorized officers can also upload documents, monitor the status of their requests, and download the sensitive data.

To gain access to LERS, one must be pre-approved by Google. Simply having an agency email address won’t suffice - the applicant needs to be added to Google’s approved list, which raises the question: how did the criminals do it? Either Google’s approval system is flawed, or crooks somehow managed to impersonate law enforcement personnel.

After the news broke, BleepingComputer reached out to both Google and the FBI. The latter declined to comment, while Google confirmed the cybercriminals’ claims:

"We have identified that a fraudulent account was created in our system for law enforcement requests and have disabled the account," Google told the publication. "No requests were made with this fraudulent account, and no data was accessed."


Scattered Lapsus$ Hunters is a threat actor created after three groups - Scattered Spider, Lapsus$, and ShinyHunters - merged into one. The group is suspected to be behind some of the biggest data breaches this year, including the Drift AI/Salesloft incident that affected dozens of large tech companies.

Mere days before posting this screenshot, the group announced it was “going dark”, which some threat actors interpreted as a sign of fear over the impending consequences of the recent attacks.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
