- Cyber criminals created a fraudulent account on Google’s request system for law enforcement
- There was no access to user data, but the violation raises concerns about deficiencies in Google’s approval process
- The group behind the incident, scattered lapsus $ -hunters, is linked to major recent data violations and went “dark” shortly before you sent the screen
Cybercriminals managed to get their own account on the Google Law Enforcement Request System (LERS) platform, the search mask giant confirmed to the media earlier this week.
Recently, threat actors who go after “scattered lapsus $ Hunters” published a new screen in their Telegram channel, allegedly showing an automated confirmation -e -e -mail from Google.
“Google has created a new law enforcement request system (LERS) accounts for you,” the screen says.
Disabled the account
Lers is a secure online portal that Google specifically provides to verified law enforcement authorities. Through it, police can submit requests for user data, such as subpoena, court orders or search options. Through this system, authorized officers can upload documents, monitor the status of their requests and download the sensitive data.
To access LERS, you need to be preserved by Google. Just having an agency -e -mail address is not sufficient -they need to be added to Google’s approved list that raises the question -how did the criminals do it? Either Google’s approval system is deficient or villains succeeded in somehow imitating law enforcement staff.
After news broke, Bleeping computer reached out to both Google and the FBI, and while the latter refused to comment, Google Cybercriminals’ claims confirmed:
“We have identified that a fraudulent account was created in our law enforcement requests and has disabled the account,” Google told the publication. “No requests were made with this fake account and no data was accessed.”
Scattered lapsus $ -Hunters are a threat actor created after three groups – scattered spider, lapsus $ and shinyhunters – merged into one. The group is suspected of being behind some of the biggest data violations this year, including the operation AI/Sales Ceiling event that affected dozens of large tech companies.
Just days before broadcasting this screen, the group announced that it was “getting dark”, as some threat actors interpreted as a sign of fear over the impending consequences of recent attacks.
Via Bleeping computer
