UK Police Arrest Seven Over Lapsus$ Hacks Linked to 16-Year-Old Oxford Resident

Cybercriminal collective Lapsus$ has taken responsibility for a plethora of security breaches in the tech sector, including a February leak of a US chipmaker’s proprietary information and recent cyberattacks against Microsoft and Okta, a San Francisco-based identity and access management company.
Sputnik
Seven individuals, including teenagers, have been arrested by City of London Police in connection with a probe into Lapsus$, the group which took responsibility for cyberattacks targeting Microsoft and Okta earlier this week.
“Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation,” Detective Inspector Michael O’Sullivan said in a statement to Reuters.
No names accompanied the City of London Police statement. As of this article's publication, none of those arrested have been formally charged.
The recent cyber attacks committed by Lapsus$ appear to be motivated by money and infamy, as the cybercriminals publicly taunt and extort companies after exploiting security vulnerabilities.
While the cybercriminal collective was not named in O’Sullivan’s statement, Bloomberg reported that a 16-year-old Oxford boy linked to the group was among those arrested. Rival hackers and researchers have estimated that the teen amassed the equivalent of $14 million (£10.6 million) in cryptocurrencies prior to his arrest.
The teen, who attends an Oxford-based special education school, was known to spend a lot of time on his computer, but his alleged cybercrimes were unknown even to his family, according to the boy’s father.
“I had never heard about any of this until recently,” the father told the BBC. He's never talked about any hacking, but he is very good on computers and spends a lot of time on the computer. I always thought he was playing games.”
At least one other member of the group is believed to be a teenager in Brazil, or another part of South America.

Microsoft, Okta, and NVIDIA Confirm Security Breaches Committed by Lapsus$ Hackers

Microsoft Security teams confirmed a data breach by Lapsus$ this week, detailing in a blog that it learned that the collective, dubbed ‘DEV-0537’ by trackers, has been targeting organizations through its own employees and commonly employs a “pure extortion and destruction model” without the release of ransomware payloads.
“DEV-0537 advertised that they wanted to buy credentials for their targets to entice employees or contractors to take part in its operation,” Microsoft said in a March 22 release. “For a fee, the willing accomplice must provide their credentials and approve the MFA prompt or have the user install AnyDesk or other remote management software on a corporate workstation allowing the actor to take control of an authenticated system.”
No customer code or data was observed to be within the source code Lapsus$ weaponized against Microsoft, according to the company.
While Lapsus$ began targeting cryptocurrency accounts, the recent attacks tracked by Microsoft and other researchers have been primarily focused on organizations in telecommunications, higher education, and South America-based government organizations.
Okta, which provides identity and access management services to more than 15,000 organizations, revealed in a Tuesday release that it was investigating a possible cyberattack by Lapsus$ that potentially impacted what it claimed were some 366 customers.
The announcement came after the San Francisco-based company saw its shares decline around 11% after the Lapsus$ Telegram account posted internal information allegedly obtained during the breach. The group said they were focusing “ONLY on Okta customers.”
Twitter, via @BillDemirkapi: "LAPSUS$ edited their message to clarify that they did not breach Okta's databases, but rather targeted Okta customers."
Okta claims the breach may be related to a previously unreported incident in January that it said was contained.
Nvidia CEO Jensen Huang has also touched on his company’s experience with the cybercriminal collective, telling attendees of the GPU Technology Conference that the late February hack was a “wake-up call” to adopt a “zero trust” security posture.
Within a “zero trust” framework, all users–including those within the organization’s network–are required to be authenticated, authorized, and consistently validated prior to being granted access. The ‘never trust, always verify’ measure is intended to bolster security against malware and other cybersecurity threats.
“Fortunately, we didn't lose any customer information and any sensitive information,” Huang told Yahoo Finance. “They got access to source code, which of course we don't like, but nothing that is harmful to us.”
Huang acknowledged that the process of multi-factor authentication may be burdensome, but it is necessary given the current security solutions available.
“But long term, we have to make it possible for our data center to literally be completely wide open, completely exposed, and yet be completely secure," the Nvidia CEO said.
Let's stay in touch no matter what! Follow our Telegram channel to get all the latest news: https://t.me/sputniknewsus
Discuss