It doesn’t look like the recent GTA 6 hack was done by a lone wolf who broke into an employee’s work, as was thought before. The high-profile work that led to the theft of the source codes for GTA 5 and GTA 6 was likely done by a hacking group called Lapsus$, which the FBI and U.S. Department of Justice are already looking for.
At least seven of the group’s members were arrested in the UK in March 2022 after they targeted Microsoft, Samsung, and Nvidia, among others.
GTA 6 Leaks May Have Been Perpetrated By A Hacking Group
The hacker or hackers reportedly wanted to sell the source codes for GTA 5 and 6 for a lot of money, but it looks like they were stopped in their tracks. Even though Rockstar Games and Take-Two Interactive didn’t mention Lapsus$ in their press releases about the hack, Uber thinks it’s the same group that also broke into its systems.
- GTA 6 hack will not impact development, says Rockstar Games
The same hacker has also claimed responsibility for the recent high-profile hack of the ridesharing service Uber, which has now issued an update on its own investigations into the incident. From a press release from Uber, as reported by Insider-Gaming:
“We believe that this attacker (or attackers) are affiliated with a hacking group called Lapsus$, which has been increasingly active over the last year or so. This group typically uses similar techniques to target technology companies, and in 2022 alone has breached Microsoft, Cisco, Samsung, Nvidia and Okta, among others. There are also reports over the weekend that this same actor breached video game maker Rockstar Games. We are in close coordination with the FBI and US Department of Justice on this matter and will continue to support their efforts.”
Rockstar Games has told fans that the hack won’t slow down development, but many are worried about how it will affect the company’s flexible work-from-home policies.
Uber Statement on The Affiliate Hacking Group
Uber stated that it believed the person responsible was “affiliated with a hacking group called Lapsus$, which has been increasingly active over the last year or so.” Lapsus$ is a hacking group that has similarly breached a list of other technology companies this year such as Microsoft, Samsung, and Nvidia.
Yesterday, Rockstar released its own statement on the hack, in which company stated that it had been the victim of a “network intrusion,” which had resulted in the information that was stolen from its systems being made public.
The developer of Grand Theft Auto expressed “great disappointment” over the news, but they also stated that there would be no “long-term influence” on production. There was not a single hiccup on any of the live services, including Grand Theft Auto Online.
BBC News published a story in March of this year about a 16-year-old boy from Oxford who goes by the online aliases “White” or “Breachbase.” The boy was accused of being a leader in the Lapsus$ group.
The true identity of “White” was revealed to the public by other hackers, and he was one of seven individuals arrested by City of London Police; however, all of them were ultimately released while the investigation continued.
LAPSUS$ Telegram Public Channel of Cybercriminal Group
Some questions still remain about the group’s members and what they do. LAPSUS$, like many other cybercriminals in recent years, used a public Telegram channel to talk about what it was doing.
The date this channel was made is December 9, 2021. At first, people thought LAPSUS$ was based in South America because the group’s first communications were mostly in Portuguese and its first targets were Brazilian. The NVIDIA hack was a sudden change for LAPSUS$. The hacking group switched to only communicating in English and started focusing on targets outside of Brazil.
The fact that the seven members of LAPSUS$ who were arrested in the UK were teenagers living with their parents makes it hard to understand what the group was doing in public during its first few months.
Were the members of the group trying to look like a Brazilian hacking group by starting with Brazilian targets and releasing statements in Portuguese, or is there more to this story?
Maybe LAPSUS$ had more than just seven members in it. The seven arrests were made public on March 24, but the hacking group’s last public message was sent on March 29.
The group posted a link to a torrent of data stolen from Globant and said it was “officially back from a vacation.” Were the members of LAPSUS$ able to post these messages on Telegram while they were in custody, or were there members who escaped arrest?