Four researchers investigated the Lapsus$ hacker group at the request of the hacked companies. They believe that a 16-year-old living with his mother in Oxford (UK) is the mastermind behind the notorious hacker organization.
Lapsus$ surprised cybersecurity experts when it acknowledged a series of serious attacks. The motive for the attacks is not clear, but some researchers say the ultimate goal is money and fame.
The teen is suspected of being behind some of the major Lapsus$ hacks, but experts can’t conclude he’s involved in all of the hacks. They used forensic evidence from cyberattacks as well as public information to find suspects.
According to Bloomberg, the 16-year-old is nicknamed “White” and “breachbase” online and has never been named by law enforcement.
Another Lapsus$ member could be a teenager living in Brazil. An investigator said they found seven unrelated accounts tied to the hacker group, implying that others were involved in the group’s activities.
The teenage suspect's offensive skills were so advanced, and his work so fast, that researchers initially thought they were observing something pre-programmed.
Lapsus$ is not afraid to humiliate its victims in public and leak their source code and internal documents. When it was revealed that the group had hit Okta, the company was plunged into a media crisis.
Lapsus$ members even joined Zoom calls of the businesses they had infiltrated, where they mocked employees and advisors who were trying to clean up the aftermath of the cyberattack.
Microsoft confirmed being “visited” by Lapsus$. In a blog post, the software firm describes Lapsus$ (DEV-0537) as conducting a “massive blackmail campaign against large enterprises”. The group's main approach is to attack companies, steal data and demand ransom. According to Microsoft, the group has succeeded in bribing insiders at organizations to support its intrusions.
However, experts said the group's own security is quite poor, which helped them find the whereabouts of the teenage hackers. “Unlike most groups in sight, DEV-0537 doesn’t seem to hide their whereabouts. They also report attacks on social networks and advertise intent to buy login information from employees of the target organizations. DEV-0537 started with organizations in the UK and South America and expanded globally, including government, technology, telecommunications, retail and healthcare organizations,” Microsoft wrote in the blog post.
Opponents of the 16-year-old hacker in the UK have posted his personal information online, including addresses and information about his parents. The house where the suspect lives with his mother is modest in size and located on a quiet street a few miles from Oxford University.
When talking to Bloomberg, the mother said she did not know about the allegations against her child or the information posted online. She was upset that photos and videos of her family and her husband’s family were posted. She refused to talk about her son or let him give interviews.
In addition to Microsoft and Okta, Lapsus$ also claims to have attacked Samsung, Vodafone and Ubisoft. After breaching Nvidia, Lapsus$ posted the stolen source code on its Telegram channel. The group also announced that it will “wash their hands and raise their swords” for a while after the Okta attack.
“Some of our members will be on vacation until March 30, 2022. We will lie still for a while,” the group wrote on the Telegram channel. “Thanks for your understanding, we will try to leak everything as soon as possible.”