2022-03-24

A 16-year-old who lives with his mother in England and another young person who lives in Brazil are suspected of carrying out attacks for the cybercriminal group Lapsus$. Others are reportedly involved in the group's harmful actions as well, according to Bloomberg.

Lapsus$ has been baffling cybersecurity experts as it carries out a wave of high-profile hacks. The motivation behind the attacks is still unclear, but some cybersecurity researchers say they believe the group is motivated by money and notoriety.

Hacking from mom’s house

Security researchers who have investigated a number of incidents against tech companies including Microsoft, Nvidia and Samsung have traced the attacks to a 16-year-old who lives in his mother’s home near Oxford University in England.

However, it has not yet been possible to link the boy conclusively to all the hacks that Lapsus$ has claimed. Cyber researchers used forensic evidence of the attacks as well as publicly available information to link the young man to the cybercriminal group.

Lapsus$ in Brazil

Another member of Lapsus$ is suspected of being a young man residing in Brazil, according to investigators. A person investigating the group said that seven unique accounts associated with the cybercriminal group were identified, indicating that there are likely others involved in the attacks.

Because of the skill and speed of the group's actions, researchers initially thought the activity they were observing was automated, said another person involved in the research. Microsoft, which confirmed it was hacked by Lapsus$, said in a company blog post that the group had embarked on a “large-scale social engineering and extortion campaign against various organizations.”

Since last year, the cybercriminals have waged a blitzkrieg against institutions and companies. At the end of 2021, the group claimed responsibility for the attack on ConecteSUS and the Ministry of Health here in Brazil, and in early 2022, it claimed attacks on South Korea's Samsung and on Nvidia. Most attacks target source code repositories.

The group’s main modus operandi is to hack companies, steal their data and demand a ransom for not releasing it. Microsoft tracks Lapsus$ as “DEV-0537” and said the group has successfully recruited people from within victimized companies to help with its hacks.

According to two of the researchers, the group suffers from low operational security, which has allowed cybersecurity companies to gain intimate knowledge about the young people involved. The 16-year-old from England had his personal information, including his address and information about his parents, posted online by rival hackers.

At an address listed in the leaked materials, a woman who identified herself as the young man’s mother said she was unaware of the allegations against her son or the leaked materials, as reported by Bloomberg. She said she was disturbed by the inclusion of videos and photos of her home and the boy’s father’s home.

On vacation

In their latest move, the Lapsus$ cybercriminals are claiming an attack against the authentication company Okta, which has thousands of customers, including organizations and governments across the world. On Telegram, the group posted several screenshots as proof of the attack (which Okta confirmed took place in January).

The authentication company found itself in a public relations crisis and disclosed that an engineer at a third-party vendor was breached, with 2.5% of its customers likely to have been affected. After claiming to have hacked Okta, Lapsus$ reported on Telegram that some of its members are “on vacation” until the 30th of this month, and that they may be “quiet” for some time.

