Lapsus$: A Teenager behind the Dreaded Cybercriminal Group
Lapsus$ is notably responsible for hacking Nvidia, Samsung, Vodaphone, Ubisoft, Microsoft…
It is hard to believe, however, according to Bloomberg, several cybersecurity experts believe that a 16-year-old teenager, living with his mother, near Oxford, could be one of the masterminds of the Lapsus$ group. Appeared at the end of 2021, the list of its victims makes you dizzy: Nvidia, Samsung, Vodaphone, Ubisoft, Microsoft…
Lapsus$ Left loopholes
“Some of our members are on vacation until March 30. We’re going to be quieter for a while. Thank you for your understanding – we will try to disclose things as soon as possible”. This message is the last sent to the 50,000 subscribers of Lapsus$’s Telegram account, on March 23. The day before, the group revealed a new hack with potentially disastrous consequences: that of the Okta authentication and identity management platform. After such feats of arms, a few days of rest seem well deserved.
Could this period of inactivity be hiding something else? Such as the identification of some of the members of the group? Microsoft, released a note on the group, dubbed DEV-0537 for the occasion, which hints, “Unlike most activity groups that stay under the radar, DEV-0537 doesn’t seem to be covering its tracks.” .
This inability to hide would have allowed cybersecurity experts to partially trace the group. According to them, seven unique accounts can be associated with Lapsus$. Two people, linked to certain attacks, emerge from this tracking: a teenager living in Brazil and one from Oxford, England.
In the case of the latter, a group of competing hackers had already exposed his identity, address and other personal information. Enough for Bloomberg to knock on the door of the budding cybercriminal’s mother. She said she was unaware of her son’s alleged activities.
Lapsus$ has and continues to puzzle many cybersecurity researchers. The cyberattacks he carried out were so effective that the trail of an automated activity was mentioned for a time. To hack companies, Lapsus$ would have used social engineering and even publicly offered to pay employees of their targets to obtain internal access.
Unconfirmed suspicions for the time being
These two points aside, its methodology remains relatively classic: steal sensitive information from a company, give credibility to its action by publishing extracts, demand a ransom so as not to disclose the remaining data.
However, the group has stood out on several occasions. He demanded, as a ransom from Nvidia, that the group’s graphics chips no longer be restricted for cryptocurrency mining. Provocative, Bloomberg reveals that some of its members would have invited themselves to Zoom meetings of its victims.
It is not exceptional for pirates to show a certain eccentricity, without constituting a clue as to their age. Lapsus$ is always shrouded in a certain aura of mystery. However, British police revealed on March 24 that they had made 7 arrests in connection with their investigation into Lapsus$. The profiles of those arrested seem to confirm Bloomberg’s information, since they would be aged 16 to 21. They were released, but placed under police surveillance.
Newer Articles
- WhatsApp Business Marketing worth watching in 2022
- Three Tips To Improve Online Marketing Strategy
- Easter Gifts Ideas
