Cybersecurity researchers probing a string of hacks against technology companies including Microsoft and Nvidia have traced the attacks to a 16-year-old living at his mother’s home near Oxford, England.
Four researchers investigating the hacking group Lapsus$ on behalf of the companies that were attacked said they believed the teenager to be the mastermind.
Lapsus$ has baffled cybersecurity experts as it has carried out a string of high-profile hacks. The motives behind the attacks are still unclear, but some cybersecurity researchers say they believe the group is motivated by money and notoriety.
The researchers suspect the teen is behind some of the major hacks attributed to Lapsus$, but they haven’t been able to link him to every hack that Lapsus$ has claimed. They have used forensic evidence from the hacks as well as publicly available information to tie the teen to the hacking group.
Bloomberg News is not naming the alleged hacker, who goes by the online aliases “White” and “Breachbase,” because he is a minor and has not been publicly accused by law enforcement of any wrongdoing.
According to investigators, another member of Lapsus$ is suspected to be a teenager living in Brazil. A person investigating the group said security researchers have identified seven unique accounts linked to the hacking group, indicating that others are likely to be involved in the group’s operations.
The teen is so adept at hacking, and so fast, that researchers initially thought the activity they were seeing was automated, said another person involved in the research.
Lapsus$ has publicly taunted its victims, leaking their source code and internal documents. When Lapsus$ disclosed that it had breached Okta, it sent the company into a public relations crisis. In several blog posts, Okta disclosed that an engineer at a third-party vendor had been compromised and that 2.5% of its customers may have been affected.
Lapsus$ has even gone so far as to join the Zoom calls of companies it has broken into, where it taunted employees and consultants who were trying to clean up the hack, according to three people involved in responding to the intrusions.
Microsoft, which itself confirmed it was hacked by Lapsus$, said in a blog post that the group has launched “massive social engineering and extortion campaigns against multiple organizations.” The group’s primary modus operandi is to hack companies, steal their data and demand a ransom for not releasing it. Microsoft tracks Lapsus$ as “DEV-0537” and says the group has successfully recruited insiders at the targeted companies to assist with its hacks.
According to two researchers, the group suffers from poor operational security, allowing cybersecurity companies to gain intimate knowledge about the teen hackers.
“Unlike most activity groups that remain under the radar, DEV-0537 doesn’t cover its tracks,” Microsoft said in a blog post. “They go as far as announcing their attacks on social media or advertising their intention to purchase credentials from employees of targeted organizations. DEV-0537 began targeting organizations in the United Kingdom and South America, but expanded to global targets, including organizations in the government, technology, telecommunications, media, retail and health care sectors.”
The teenage hacker in England has had his personal information posted online by rival hackers, including his address and information about his parents.
At an address listed in leaked material as the teen’s home near Oxford, a woman who identified herself as the boy’s mother spoke with a Bloomberg reporter via a doorbell intercom system for about 10 minutes. The house is a modest terraced house on a quiet road about five miles from Oxford University.
The woman said she was unaware of the allegations against her son or the leaked material. She said she was upset that videos and photos of her home and of the home of the teenager’s father were included. The mother confirmed that the teenager lives at that address and said he had been harassed by others, but several other leaked details could not be confirmed.
She declined to discuss her son in any way or make him available for an interview, saying it was a matter for law enforcement and that she was contacting the police.
Thames Valley Police and the National Crime Agency, which investigates hacking in the UK, did not immediately respond to messages about the alleged juvenile hacker. The FBI’s San Francisco field office, which is investigating at least one Lapsus$ intrusion, declined to comment.
Lapsus$ also claimed to have breached Samsung Electronics Co., Vodafone and Ubisoft. After breaching Nvidia, Lapsus$ posted source code stolen from the company on its Telegram channel.
After its claim of hacking Okta made headlines on Tuesday, Lapsus$ suggested it would take a break before hacking more of the world’s biggest companies.
“Some of our members have leave until 30/3/2022. We may be silent for some time,” the group wrote on its Telegram channel. “Thank you for understanding us. – We will try to leak the goods as soon as possible.”