A teenage suspect has emerged as the central figure of the hacker group 'LAPSUS$' that hacked Microsoft and others



Teenagers living in the United Kingdom and Brazil have reportedly emerged as suspects in the investigation of the cybercriminal group 'LAPSUS$', which has hacked companies such as NVIDIA, Samsung, Microsoft and Okta since the beginning of 2022.

Lapsus$ Cyberattacks Traced to Teenager in England - Bloomberg
https://www.bloomberg.com/news/articles/2022-03-23/teen-suspected-by-cyber-researchers-of-being-lapsus-mastermind

A Closer Look at the LAPSUS$ Data Extortion Group - Krebs on Security
https://krebsonsecurity.com/2022/03/a-closer-look-at-the-lapsus-data-extortion-group/

In February 2022, semiconductor maker NVIDIA was attacked by ransomware, and some confidential information was leaked. A hacker group calling itself 'LAPSUS$' claimed responsibility, announcing that 'we are the attackers.' In addition to demanding that a ransom be paid in virtual currency, the group demanded that NVIDIA open-source its drivers for Windows, macOS, and Linux and lift the mining performance restrictions set on its GPUs.

NVIDIA admits that confidential information has been stolen by hacking groups, threatening to 'remove GPU mining restrictions' - GIGAZINE



Then in March, the following month, technology companies Samsung, Microsoft, and Okta announced that they had been hacked by LAPSUS$, and it became clear that all of them had suffered damage such as data leaks and account breaches. Okta additionally announced that the attackers 'remotely accessed a PC at partner company Sitel and took action with some of Okta's support tools.'

While Microsoft and NVIDIA were investigating the series of hacks, two teenagers emerged as suspects. According to the security teams of both companies, LAPSUS$ practiced poor operational security, which made it possible to gather more information about the hackers, and the team identified seven credentials that appear to be related to the hacking. Of these, the team presumes that one suspect is a teenager living in the United Kingdom and one is a teenager living in Brazil. The British suspect is the leader of LAPSUS$ and is believed to be active under the ID 'White Doxbin' or 'Oklaqq'.

According to the team, the suspect's hacking skills were quite proficient, and the attacks were so fast that at first they were speculated to be automated. The team has managed to identify the suspect, but has not found clear evidence that conclusively confirms the suspect. In addition, both suspects are minors in their countries of residence and will not be held liable by law enforcement agencies.



The British suspect's personal information has been leaked by a rival hacker, and his address has already been exposed. When Bloomberg, an overseas media outlet, inquired at his address, the suspect's mother responded and said, 'I didn't know what my son was doing or what he was being suspected of.' The mother refused to provide more information and said, 'This is a law enforcement issue.'

LAPSUS$ is a group that operates primarily in South America, and it claims to have no connection to any particular nation. The LAPSUS$ Telegram channel had 45,000 participants at the time of writing and is recruiting members to launch attacks on major companies. The group's activities have been recorded since at least 2021, and the assets gained from its numerous attacks are estimated to exceed 300 BTC (about 1.6 billion yen).

in Security, Posted by log1p_kr