Seven persons have been arrested by the City of London Police, including a 16-year-old accused head of the LAPSUS$ hacking organisation from Oxford, England. LAPSUS$ has claimed responsibility for recent cyber assaults on Electronic Arts, Microsoft, Samsung, Ubisoft, Nvidia, and Okta, among others.
Following the arrest, Michael O’Sullivan, Detective Inspector, City of London Police, said in a statement, “The City of London Police has been pursuing an investigation alongside its partners into members of a hacking organisation.” “In conjunction with this inquiry, seven people between the ages of 16 and 21 were arrested and released under investigation. Our investigations are still ongoing.
According to Bloomberg, the accused head of the famed hacking organisation that boasted about its recent operations online was apparently autistic and lived with his mother. The unnamed child goes by the nicknames “White” or “Breachbase.” Former business colleagues who had a falling out with him divulged the teenager’s identify, address, and social media images, according to the BBC.
On Wednesday, Ookta, an identity and access management business, estimated that the greatest potential impact of the LAPSUS$ attack might be 366 clients (about 2.5 percent) whose data was accessed or acted upon. “An attacker never obtained access to the Okta service through account takeover, but a system that was logged into Okta was hacked, and they were able to grab screenshots and operate the machine via an RDP (Remote Desktop Protocol) session.
Microsoft revealed on Thursday that their investigation into LAPSUS$, which is being tracked as DEV-0537, discovered that only one account had been compromised, providing “limited access.” Microsoft revealed this while disclosing additional information regarding the hacker group’s detection, hunting, and mitigation.
“DEV-0537 began attacking organisations in the United Kingdom and South America, but has since grown to include organisations in the government, technology, telecom, media, retail, and healthcare sectors,” according to Microsoft’s security blog. DEV-0537 was also known to take over individual user accounts at cryptocurrency exchanges in order to drain cryptocurrency assets, according to Microsoft. Unlike other hacking groups that keep their identities concealed, LAPSUS$ publicises their attacks on social media or exposes their intention to buy credentials from target employees, according to Microsoft.