What happened now? Has the mastermind behind Lapsus$ been revealed? This claim is made by Bloomberg, who writes that cybersecurity researchers investigating a series of attacks carried out by a hacker group traced them back to a 16-year-old teenager living in his mother’s house in England.
Publication reports that four researchers investigating Lapsus$ attacks on behalf of targeted companies say they see the teenager as a mastermind. Although they were unable to definitively link him to every break-in the group claimed, investigators used forensic evidence and public information to identify the teenager.
The suspect, who uses the online aliases “White” and “breachbase”, has not been charged with any crimes by police. Bloomberg spoke to his mother, who lives in Oxford, England, after tracking her down using footage about the teenager leaked from rival hackers. She was unaware of the allegations against her son and said that others were persecuting him. She refused to discuss it and said she was contacting the police.
Microsoft Security is tracking the criminal DEV-0537 (LAPSUS$), which targets organizations with data theft and destructive attacks, including Microsoft. Analysis and guidance in our latest blog: https://t.co/gTMXJCoPY5
— Microsoft Security (@msftsecurity) March 22, 2022
One of the investigators said they found seven different accounts linked to Lapsus$, as well as another teenage participant living in Brazil. The suspect from the UK is so skilled and quick at hacking that some considered his work to be automated.
According to edgecyber security expert Brian Krebs writes that one of the main members of the group under the nicknames “Oklaqq” and “WhiteDoxbin” acquired the Doxbin docking site. They later sold it back to the original owner, but leaked “the entire Doxbin dataset”. This led to the Doxbin community doxing WhiteDoxbin, “including videos allegedly filmed at night near his home in the United Kingdom,” Krebs writes.
Lapsus$ claims to be behind attacks on Nvidia, Samsung, Vodafone, Microsoft, Okta and more. They are believed to be motivated not only by money but also by fame, given that the group does not cover their tracks and joined the victims’ calls on Zoom to taunt them.