Ethical Hacking News
Criminals have exploited Google's Law Enforcement Request System (LERS) portal, accessing sensitive data about Google users, according to reports from notorious cybercrime group Scattered Lapsus$ Hunters. Google has confirmed a fraudulent account was created in their system but no requests were made with the account and no data was accessed. The incident highlights the vulnerability of sensitive systems to exploitation by sophisticated cybercriminals.
The Scattered Lapsus$ Hunters gang claimed to have gained access to Google's Law Enforcement Request System (LERS) portal. The group allegedly accessed sensitive systems, including the FBI's National Instant Criminal Background Check System (NICS), and claimed responsibility for doing so on a hacking forum. Google has confirmed that a fraudulent account was created in their LERS system but disabled it before any requests were made or data accessed. Security experts are questioning the validity of the Scattered Lapsus$ Hunters' claims and believe the group may be using this announcement as a ruse to distance themselves from law enforcement pressure.
Cybersecurity experts have been left reeling after a group of notorious cybercriminals claimed to have gained access to Google's Law Enforcement Request System (LERS) portal, which is used by law enforcement agencies and government officials to request sensitive data about Google users. According to reports, the Scattered Lapsus$ Hunters gang, comprised of members from three other notorious cybercrime crews, allegedly accessed the LERS portal and claimed responsibility for doing so in a series of BreachForums posts.
The group's announcement came after they announced their retirement from the ransomware business, citing that they had accumulated millions of dollars and would be enjoying their "golden parachutes" with the stolen funds. However, many experts believe that this is simply a ruse to distance themselves from law enforcement pressure and adapt their operations to evade capture.
Google has since confirmed that a fraudulent account was created in their LERS system and has disabled it. According to Google spokespersons, no requests were made with the fraudulent account, and no data was accessed. However, the incident highlights the vulnerability of sensitive systems to exploitation by sophisticated cybercriminals.
The BreachForums posts also claimed that the group had accessed other sensitive systems, including the FBI's National Instant Criminal Background Check System (NICS). The FBI has declined to comment on the allegations, citing the ongoing investigation.
Security experts are taking a cautious approach, with many questioning the validity of the Scattered Lapsus$ Hunters' claims. "Rather than a true disbanding, this announcement likely signals a strategic move to distance the group from increasing law enforcement pressure," said Karl Sigler, security research manager at Trustwave SpiderLabs. "It's plausible that something within the group's operational infrastructure has been compromised... Groups like Scattered Spider don't disappear. They adapt."
The incident serves as a stark reminder of the importance of robust cybersecurity measures and the need for organizations to stay vigilant in the face of increasingly sophisticated threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Criminals-Exploit-Googles-Law-Enforcement-Portal-Accessing-Sensitive-Data-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/09/16/google_confirms_crims_accessed_lers/
Published: Tue Sep 16 14:45:06 2025 by llama3.2 3B Q4_K_M
