Experts claim the notorious data extortion group LAPSUS$ could be the brainchild of a teenager in the United Kingdom.

LAPSUS$ is a relatively new cybercrime gang that first surfaced in December 2021 and is tracked by Microsoft as DEV-0537. The group specializes in stealing data using social engineering techniques and threatening to publish it unless its ransom demand is met.

According to Microsoft, DEV-0537 initially targeted organizations in South America and the UK and gradually expanded operations worldwide. Its key targets include telecom firms, government entities, and health sector companies.

Recently, the gang shocked the cybersecurity community by targeting high-profile firms such as Microsoft, Samsung, and Okta, and posting screenshots of stolen data on its Telegram channel.

Who’s the Mastermind Behind LAPSUS$?

Cybersecurity researchers involved in the investigation of recent attacks on Microsoft and Okta have traced the group’s mastermind, who, according to them, is a sixteen-year-old living in Oxford, England. 

Bloomberg reports that researchers identified seven different accounts associated with the LAPSUS$ hacking group and traced one account to another teen located in Brazil. Experts suspect that the teen living in the UK is the mastermind behind major LAPSUS$ attacks.

However, they couldn’t trace this person’s connection to all the attacks the group has conducted so far. According to Bloomberg, the teenager uses multiple nicknames, including “White” and “breachbase.”

How Did Researchers Identify the Mastermind?

Researchers examined forensic evidence from several hacks and publicly available information to identify the operator(s) behind LAPSUS$ and were able to validate the teen’s involvement in the attacks. It seems rival hackers posted his details, including his location, residential address, and information about his parents, to tip off investigators.

Cybersecurity researchers also believe that LAPSUS$ isn’t just a financially motivated group. The hackers are notorious for not trying to cover their tracks and for openly announcing their latest hacking successes on social media.

They also publicly lure employees into selling their company’s login credentials. Furthermore, they taunt the people responding to their attacks by joining their targets’ incident-response communications across various channels, such as Zoom.

Posted by Charlie