News
Arrests Made Against Lapsus Hacking Group
Seven individuals connected with the Lapsus$ hacking group, including the suspected ringleader, were arrested on Thursday in the surrounding areas of London.
According to the BBC, the suspected ringleader is a 16-year-old from Oxford, England, who has stolen an estimated $14 million through illegal activities. "Under his online moniker 'White' or 'Breachbase' the teenager, who has autism, is said to be behind the prolific Lapsus$ hacker crew, which is believed to be based in South America," read the report.
The remaining six members arrested are between the ages of 16 and 21, according to a released statement by Detective Inspector Michael O'Sullivan, from the City of London Police. Due to the age of the leader and some of the suspected accomplices, their names were not released.
"White" was apparently outed by a business partner on a hacker forum and his name, address and social media pictures were leaked publicly. Security researchers had also been tracking the youth's online activity for a year now, and was able to corroborate the leaked info on the hacker forum to help assist in the arrests.
While the hacker group was dealt a blow with this week's arrests, it's not expected to end the group's illegal activity. Lapsus$ has been actively recruiting new members online and its channel on a popular messaging app has over 47,000 subscribers.
The Lapsus$ criminal ring made news this week when it posted screenshots of a security breach in the services of identity firm Okta. Further, Microsoft investigated a claim that an Azure DevOps repository was hacked by the group, exposing source code for Bing and Cortana. The company followed up by saying that only a single account was compromised, and that customer data remained secure.
Lapsus$ is a relatively new hacker group, with its first public mention being connected with a December 2021 attack on the Brazilian Health Ministry network. Since then the group has been very active, claiming credit for high-profile hacks against Nvidina, Ubisoft and Samsung.
However, being new doesn't mean the group should be discredited as being inexperienced, said security expert Brian Krebs. Krebs recently profiled the group on his blog Krebs on Security and said that companies need to harden their security against the group, even after Thursday's arrests:
While it may be tempting to dismiss LAPSUS$ as an immature and fame-seeking group, their tactics should make anyone in charge of corporate security sit up and take notice. Microsoft says LAPSUS$ -- which it boringly calls "DEV-0537" -- mostly gains illicit access to targets via "social engineering." This involves bribing or tricking employees at the target organization or at its myriad partners, such as customer support call centers and help desks.