
Google Admits Fake Law Enforcement Account in Portal

Summary

– Google confirmed a fraudulent account was created in its Law Enforcement Request System but no requests were made or data accessed.
– A threat actor group called “Scattered Lapsus$ Hunters” claimed responsibility for accessing both Google’s LERS and the FBI’s eCheck system.
– The group has been linked to widespread data theft attacks targeting Salesforce data through social engineering and GitHub breaches.
– These attacks have impacted numerous major companies including Google, Adidas, Cisco, and government agencies worldwide.
– Despite the group’s claims of “going dark,” cybersecurity researchers believe they will continue conducting attacks quietly.

Google has verified that cybercriminals established a fake law enforcement account within its Law Enforcement Request System (LERS), a platform designed for official data inquiries from government agencies. The company acted quickly to deactivate the unauthorized profile, emphasizing that no requests were processed and no user information was compromised through this fraudulent entry point.

This incident came to light after a hacking collective identifying as “Scattered Lapsus$ Hunters” boasted on Telegram about breaching both Google’s LERS and the FBI’s eCheck background screening system. The group shared screenshots purportedly showing their access, though the FBI has not commented on these assertions.

The implications of such unauthorized access are serious. These platforms are used globally by police and intelligence bodies to submit legal demands such as subpoenas, court orders, and emergency data requests. If exploited, threat actors could pose as legitimate authorities to harvest sensitive personal data.

This group claims ties to notorious cybercrime organizations including Shiny Hunters, Scattered Spider, and Lapsus$, all known for extensive data theft campaigns. Their methods often begin with social engineering tactics, deceiving employees into misconfiguring corporate tools like Salesforce’s Data Loader, which then facilitates data extraction and extortion.

In a more technical escalation, the actors infiltrated Salesloft’s GitHub repository, using tools like Trufflehog to uncover authentication tokens hidden in private source code. These tokens were then reused to extend the attacks to further targets, impacting major firms such as Adidas, Cisco, Cloudflare, and Louis Vuitton, among others.

Google’s internal threat intelligence unit, Mandiant, has been actively tracking and exposing these campaigns, urging organizations to bolster their cybersecurity postures. In response, the hackers have publicly mocked the FBI, Google, and security experts across Telegram channels.

Late Thursday, the group posted a cryptic message suggesting a retreat from public activity, stating, “silence will now be our strength.” Despite this announcement, many cybersecurity analysts remain skeptical, anticipating that the group will continue operating covertly.

The situation underscores the persistent challenges facing digital security, where even well-guarded systems remain vulnerable to determined and sophisticated attackers.

(Source: Bleeping Computer)
