Cybersecurity researchers have identified members of the hacking group Lapsus$, one of whom is believed to be a teenager in the UK.
A recent report by Bloomberg details the findings, stating that some of the attacks have been traced back to a 16-year old living in his mother’s home near Oxford, England. Four companies were targeted by Lapsus$, including Microsoft, Nvidia, Ubisoft and Okta, with the motivation remaining unclear.
The alleged hacker has not been named as he has not been publicly accused but goes by the names “white” and “breachbase” online. Cyber researchers have used forensic evidence to tie him to the attacks.
One of the investigators said they had identified seven accounts used by the hacking group, with one suspected to belong to a teenager living in Brazil. However, it is believed that others are involved and yet to be identified.
Microsoft released a blog post on March 22 detailing the activities of Lapsus$, which is tracked internally as “Dev-0537”. “In recent weeks, Microsoft Security teams have been actively tracking a large-scale social engineering and extortion campaign against multiple organizations with some seeing evidence of destructive elements,” the post said.
Microsoft Security has been tracking criminal actor DEV-0537 (LAPSUS$) targeting organizations with data exfiltration and destructive attacks – including Microsoft. Analysis and guidance in our latest blog: https://t.co/gTMXJCoPY5
— Microsoft Security (@msftsecurity) March 22, 2022
The post also detailed some of the group’s behaviours. “Their tactics include phone-based social engineering; SIM-swapping to facilitate account takeover; accessing personal email accounts of employees at target organizations; paying employees, suppliers, or business partners of target organizations for access to credentials and multifactor authentication (MFA) approval; and intruding in the ongoing crisis-communication calls of their targets.”
The UK-based teenager has had his personal details, including his address, posted online by a rival hacker group. Bloomberg attempted to visit the address and spoke with the mother. She said she was unaware of any allegations against her son and was disturbed that images of their home had been shared online.