Redazione RHC : 17 September 2025 06:55
Google executives said that hackers created a fake account on the Law Enforcement Request System (LERS), the company’s platform used by law enforcement agencies to submit official data requests.
Late last week, members of the hacker groups Scattered Spider, LAPSUS$, and Shiny Hunters (who claim to have merged and are now calling themselves Scattered LAPSUS$ Hunters) announced on Telegram that they had gained access to both the Google LERS portal and the FBI’s eCheck background check system.
LERS and eCheck are used by law enforcement and intelligence agencies around the world to transmit subpoenas and orders, as well as urgent information disclosure requests. Unauthorized access to these systems has allowed attackers to impersonate law enforcement officials and access sensitive user data.
“We’ve determined that a fraudulent account was created in our law enforcement request system and have disabled it,” a Google spokesperson told reporters. “No requests were made through this fraudulent account. No data was accessed.”
The FBI declined to comment on the perpetrators’ statements.
Note that the hackers released screenshots of the access they allegedly gained shortly after announcing their intention to “hide”.
Recall that earlier this year, the Scattered LAPSUS$ Hunters collective attracted a lot of attention after large-scale attacks on Salesforce.
The attackers initially used social engineering to trick employees into connecting the Data Loader tool to corporate Salesforce instances, which was then used to steal data and commit extortion.
The attackers subsequently compromised Salesloft’s GitHub repository and used Trufflehog to discover secrets in the private source code. This allowed them to find authentication tokens for Salesloft Drift, which were used to launch further attacks and the resulting mass theft of data from Salesforce.
The fact is that specialists from Google Threat Intelligence (Mandiant) were the first to notice what was happening, drew attention to the attacks on Salesforce and Salesloft, and alerted everyone to strengthen their defenses.
After that, hackers began regularly ridiculing the FBI, Google, Mandiant and cybersecurity researchers in posts on their Telegram channels.
Now, the Scattered LAPSUS$ Hunters have posted a lengthy message on a domain associated with BreachForums, stating that they are ceasing operations.
“We have decided that from now on our strength lies in silence,” the attackers wrote. “You will continue to see our names in data breach reports from dozens of multi-billion dollar companies that have not yet admitted to the attack, as well as some government agencies, including highly protected ones. But that doesn’t mean we’re still active.”
Redazione