GOLD RAINFOREST
SUMMARY
GOLD RAINFOREST was an international threat group responsible for the compromises of high-profile organizations conducted between mid-2021 and September 2022 under the banner of the Lapsus$ hack-and-leak group. Originally thought to be financially motivated, group members may have been driven more by the desire to boost their reputations on underground forums than to make money, although they appear to have been successful at both. GOLD RAINFOREST targeted Brazil's Ministry of Health and a number of other Brazilian agencies before going on to target corporations including Microsoft, Cisco, Samsung, Uber, Nvidia, and Okta.
In addition to the possible use of insiders to gain access to internet-facing devices and software, CTU researchers have information indicating that GOLD RAINFOREST also gained access via social engineering and credential abuse. The group also defaced victim websites, leaked credentials, and in one case redirected victim website traffic to a pornography site.
Members of GOLD RAINFOREST were eventually arrested in the UK and Brazil, and charged with a number of computer crimes. Key to the charges brought against two individuals in the UK, both minors at the time of arrest, were intrusions at EE, Orange and BT, all British communications service providers (CSPs), that involved holding the companies' data to ransom in August 2021.
Even after the arrests, group members continued to compromise organizations, culminating in the theft of intellectual property belonging to Rockstar Games relating to the development of Grand Theft Auto 6 and the release of unfinished game footage to a fan forum. Much like LulzSec before it, Lapsus$ is representative of an interesting and unusual threat: technically adept individuals with suitable motivation, and a possible disregard for their own self-interest, can have a damaging impact on even the most well-protected organizations.