London police arrested 7 adolescents between the ages of 16 and 21 for allegedly belonging to the Lapsus$ gang, guilty of the latest cyber attacks against Microsoft, Okta, Nvidia, Samsung, Ubisoft, LG and others.
The news, given by BBC News, follows a Bloomberg investigation that pointed to a 16-year-old Oxford teenager, who lives with his mother and stepfather, as the mastermind of the group. He is said to have been discovered because the researchers tasked with identifying him cross-referenced his hacking activities with two pseudonyms, White or Breachbase, under which he is said to have accumulated about 300 Bitcoins (i.e. about 15 million dollars).
Behind the discovery, according to cybersecurity expert Brian Krebs, there was however an act of revenge following the purchase of Doxbin. One of the members of the group reportedly bought this portal for sharing personal information (the "dox", that is, the dossiers in which all the data on persons of interest are collected), initially hosted on the hidden Tor network, only to give it back to the former owner in January 2022, but not before leaking the entire Doxbin dataset to Telegram. This caused the Doxbin community to retaliate by releasing personal information about White from Lapsus$, including his home address and nighttime videos shot outside his home in the UK. This name is also linked to the hacker attack carried out against the video game giant Electronic Arts last year and to the recruitment of new members of Lapsus$.
According to another version of the facts, the disclosure of the boy's personal data and social profiles stemmed from a quarrel between him (White, in fact) and the other members of the Lapsus$ group.
The researchers of Cluster25, a branch of the American DuskRise Inc, who are committed to tracking the group's activity in dark web forums, had however already identified on March 8 who is behind the pseudonym. In a report shared confidentially with Italian Tech and dated March 17, the researchers had also compiled a White / BreachBase file: he is a young man from Kidlington, born on February 19, 2005 and named Arion K.
The group that lives on Telegram and loves open source
Despite the arrests, the group remains active on Telegram, where their channel has amassed nearly 52,000 subscribers. Thus, while on March 23 they wrote that "some of our members will be on vacation until March 30th, we rest for a while, thanks for understanding, we will post more material as soon as possible", just two days later they said that "we have noticed that many users are impersonating the Lapsus$ staff. Remember that anyone who claims to be Lapsus$ is most likely an imposter, the only public username is @LapsusjobsLapsus$. The only official Lapsus$ media are t.me/minsaudebr and t.me/saudechat".
The latter could be the Brazilian component of the group, and this membership would also explain the fact that Lapsus$ has attacked various Portuguese-speaking targets, such as the Parliament, using data extortion campaigns and exploiting compromised AWS servers. As the Cluster25 researchers wrote, "Although the underground community previously described the group as amateur, Lapsus$ is credited with carrying out a cyber attack against Vodafone Portugal in early February, impacting Vodafone's 4G/5G voice and SMS service as well as its television services".
In the case of Microsoft, however, the hackers stole the source code for products like Bing and Cortana, for a total of approximately 37 GB of data, from Azure DevOps servers, which are aimed at developers. For Nvidia, which produces graphics cards, the loot was quantified at 1 TB of data, and 190 GB is said to be the amount ultimately stolen from Samsung.
However, the group seems to have ideological and not just financial motivations. For example, on Telegram, in addition to ridiculing the banal explanations of companies caught out on security, as in the case of Okta, the affiliates of Lapsus$ have asked Nvidia to distribute its GPU drivers for Windows, macOS and Linux "from now on and forever" in a completely open-source way (and with a FOSS license, that is, Free/Libre Open Source Software), threatening otherwise to divulge its trade secrets.
According to Microsoft, the gang acts in a peculiar and unorthodox way, as it "does not seem to cover its tracks" and because it uses a unique, homemade blend of techniques in its intrusions, combining social engineering based on phone calls with paying employees of target organizations to gain access to credentials with which to penetrate victims' environments.