[BreachExchange] Teen Suspected of Being Mastermind of Lapsus$ Hacking Group

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Thu Mar 24 10:06:13 EDT 2022


https://www.cnet.com/tech/services-and-software/teen-suspected-of-being-mastermind-of-lapsus-hacking-group/

A teenager is suspected of being the mastermind behind the Lapsus$ hacking
group, which has claimed responsibility for data hacks of Samsung and
Nvidia, as well as recently revealed breaches at Microsoft and Okta,
according to a Bloomberg report Wednesday.

Four researchers investigating Lapsus$ suspect that a teen living in the UK
who goes by the online aliases "White" and "breachbase" is running the group's
activities, Bloomberg reported. However, the teen, whom Bloomberg didn't
identify because of his age, hasn't been accused of a crime by law
enforcement and the researchers "haven't been able to conclusively tie him
to every hack Lapsus$ has claimed," Bloomberg reported.

Bloomberg said the boy's mother spoke with one of its reporters for about
10 minutes through a doorbell intercom system at the home, located about 5
miles from Oxford University. She reportedly said she was unaware of the
allegations against her son and declined to discuss him or make him
available for an interview.

The group, believed to be based in South America, also includes another
teenager living in Brazil, among others, according to Bloomberg. The teen's
high level of skill initially led researchers to believe that what they were
observing was automated, one person involved in the research told the news
agency.

Lapsus$' use of social media makes it unusual in the hacking arena. On
Monday, the group allegedly posted online screenshots to its Telegram
channel of what appeared to be Okta's internal tickets and its in-house
chat on Slack, the messaging app. The identity authenticator giant, which
counts more than 15,000 companies as clients, said about 2.5% of its
customers may have been impacted.

Microsoft, which was also targeted by Lapsus$ recently, said it interrupted
a data hack by the group after it publicly disclosed the operation on
social media. Microsoft said the hackers gained "limited access" to a
single account, noting that Lapsus$ doesn't seem concerned with hiding its
activity.

"Our team was already investigating the compromised account based on threat
intelligence when the actor publicly disclosed their intrusion," Microsoft
said in a blog post Tuesday. "This public disclosure escalated our action
allowing our team to intervene and interrupt the actor mid-operation,
limiting broader impact."