Over the past month, a number of the world’s biggest tech companies—including Microsoft, Nvidia, Ubisoft, Samsung and Okta—have been hacked by a group known as Lapsus$. These haven’t been minor breaches, either; Nvidia lost sensitive GPU designs, and Microsoft gigabytes of important source code. Now a report is claiming that the ‘mastermind’ behind the hacks is a teenager ‘living at his mother’s house’ in England.
A story on Bloomberg says that “researchers investigating the hacking group Lapsus$ on behalf of companies that were attacked” are focusing their efforts on a 16-year-old English boy who it’s believed is behind most, though not all, of the intrusions. Those researchers are also investigating a Brazilian teenager, and believe there are at least seven members of the group in total. If specifics are known on any of the other hackers, they haven’t been disclosed.
It’s important to note here that while private investigators have drawn up this list of suspects, nobody has been formally charged by authorities. Nevertheless, the information being shared by these cybersecurity researchers is super interesting:
- They believe the main suspect, the 16-year-old from England, was so good that “researchers initially thought the activity they were observing was automated.”
- Microsoft says the group, which is running a “large-scale social engineering and extortion campaign against multiple organizations,” has been in part so successful because they’ve been able to enlist “insiders at victimized companies in order to assist in their hacks.”
- Outrageously, it’s claimed that members of Lapsus$ have been using compromised employee information to log in to Zoom calls being held by their victims, “where they have taunted employees and consultants who are trying to clean up their hack.”
The cybersecurity researchers say they’ve been able to identify the two teens so quickly because, for all their offensive capabilities, “the group suffers from poor operational security.”