The Lapsus$ hacking group has made media headlines throughout this year after hacking into multiple high-profile tech companies, including Ubisoft, Samsung, NVIDIA, Okta, and Microsoft, in order to extort a ransom or leak their data.
Today, Bloomberg reported that an England-based teenager is allegedly the mastermind behind the hacking group.
“Four researchers investigating the hacking group Lapsus$, on behalf of companies that were attacked, said they believe the teenager is the mastermind,” Bloomberg said. However, the teenager, who apparently uses the online aliases “White” and “breachbase,” has not been accused by law enforcement, and the researchers “haven’t been able to conclusively tie him to every hack Lapsus$ has claimed.”
Bloomberg further added that the suspected teenager lives some miles outside Oxford University. Its reporters tried to speak to his mother for ten minutes through a “doorbell intercom system” at the home. The teenager’s mother told the publication she did not know of allegations against him. “She declined to discuss her son in any way or make him available for an interview, and said the issue was a matter for law enforcement and that she was contacting the police,” Bloomberg added.
Separately, independent investigative journalist Brian Krebs says that a core member of Lapsus$, who may have used the aliases “Oklaqq” and “WhiteDoxbin,” also purchased Doxbin, a website where people can post or search for the personal information of others for the purposes of doxing. This WhiteDoxbin individual apparently wasn’t the best admin and had to sell the site back to its previous owner, but leaked “the entire Doxbin data set,” which led to the Doxbin community doxing WhiteDoxbin, “including videos supposedly shot at night outside his home in the United Kingdom.”
Bloomberg noted that the England-based teenager is not the only member of the hacker group. Another teenager in Brazil, as well as seven unique accounts, have been linked with the group.
Lapsus$ has publicly taunted its victims, leaking their source code and internal documents. When Lapsus$ revealed it had breached Okta, it sent the company into a public-relations crisis. In multiple blog posts, Okta disclosed that an engineer at a third-party vendor was breached and that 2.5% of its customers may have been impacted.
Lapsus$ has even gone as far as to join the Zoom calls of companies it has breached, where it has taunted employees and consultants who are trying to clean up the hack, according to three of the people who responded to the hacks.
Microsoft, which itself confirmed it was hacked by Lapsus$, said in a blog post that the group has embarked on a “large-scale social engineering and extortion campaign against multiple organizations.” The group’s primary modus operandi is to hack companies, steal their data and demand a ransom in order to not release it. Microsoft tracks Lapsus$ as “DEV-0537,” and said that the group has successfully recruited insiders at victimized companies to assist in their hacks.