LAPSUS$ Data Extortion

And hope it is not the backup admin they are recruiting who can delete the immutable backups or the servers they are residing on.

Some VCC with insider protection would make sense to avoid this...

Thank you very much for sharing @dips. A bit lengthy, but I will recommend everyone to read this piece as it is highlights on core-security principles. 

• One of their approaches they said is paying employees to grant MFA approval etc. This is why insider threat (disgruntled employees) are often regarded very dangerous. 
  
  They are able to damage the organisations immensely since sensitive information is reachable easier compared to external attacks

The positive here is SIM-jacking isn't as easy to achieve in Germany compared to other countries! Yet, great attention needs to be paid in this regard over the globe.

> Remind employees that enterprise or workplace credentials should not be stored in browsers or password vaults secured with personal credentials

- I wish everyone could adhere to this. You can play with your personal credentials but not with your workplace cred!

They have been nabbed @dips:

- https://www.bbc.com/news/technology-60864283

Thanks for posting this @dips and also thank you @Iams3le for your additons. Really scarry to see what the bad guys are trying in order to get a foot in your environment.

It’s quite interesting how they come up with so many different ways to get into an organisation.

They can found so many ways to access infrastructure.

Like this one, a really simple example that can leverage from a veeam backup to a domain admins without restore: https://www.whiteoaksecurity.com/blog/2020-4-14-from-veeam-to-domain-administrator/

While navigatin I came up to many more ways to “use” veeam for lateral movement

Yes, you’re absolutely right!