An Oxford teenager is believed to be one of the masterminds behind the gang that has claimed several major hacks in recent weeks.
Following a series of serious cyber attacks against some major tech players, authorities in the UK have arrested several people in connection with cybercriminal gang Lapsus$.
According to the City of London police, seven people between the ages of 16 and 21 have been arrested and released under investigation.
Yesterday (March 23), Bloomberg reported that security researchers traced the attacks to a teenager living with his mother near Oxford in England. He is believed to be the mastermind behind some of the attacks, but it is not yet known if he is one of the seven arrested.
The teen uses the online aliases ‘White’ and ‘breachbase’. Cybersecurity investigators were able to tie the teen to the hacking group using forensic evidence from the hacks, along with publicly available information.
Investigative journalist Brian Krebs, known for his coverage of cybercrime, took a closer look at the Lapsus$ group with the help of Allison Nixon, the principal investigator at Unit 221B, a cybersecurity consultancy based in New York.
According to Nixon, the alleged teenage mastermind was dominated, or shut out, on a hacker website after landing on the wrong side of a particular hacking community.
However, cybersecurity researchers had been tracking the teen for a while before the doxing happened.
The group is relatively new, but has been making waves in recent weeks with a series of high-profile hacks.
In February, chipmaker Nvidia suffered a cyberattack claimed by Lapsus$. The group said it had files on Nvidia GPU drivers, which allow hackers to turn any Nvidia GPU into a bitcoin mining machine.
A week after the Nvidia attack, the group claimed it had leaked nearly 190GB of data from Samsung.
Last week, it sent a grinning face emoji to a news link related to the recent Ubisoft hack, which could be the group responsible for that cyberattack.
The most recent hacking claims were Okta and Microsoft earlier this week. Both companies confirmed the data breaches yesterday (March 22).
According to Krebs’ in-depth report to the group, at least one member of Lapsus$ may also have been involved in the cyberattack on gamemaker EA last year, in which hackers ransacked the source code for some games.
10 things to know straight to your inbox every weekday. Sign up for the Daily Brief, the overview of essential sci-tech news in Silicon Republic.