The City of London Police has arrested seven teenagers between the ages of 16 and 21 for their alleged connections to the prolific LAPSUS$ extortion gang that’s linked to a recent burst of attacks targeting NVIDIA, Samsung, Ubisoft, LG, Microsoft, and Okta.
The development, which was first disclosed by BBC News, comes after a report from Bloomberg revealed that a 16-year-old Oxford-based teenager is the mastermind of the group. It’s not immediately clear if the minor is one among the arrested individuals. The said teen, under the online alias White or Breachbase, is alleged to have accumulated about $14 million in Bitcoin from hacking.
“I had never heard about any of this until recently,” the teen’s father was quoted as saying to the broadcaster. “He’s never talked about any hacking, but he is very good on computers and spends a lot of time on the computer. I always thought he was playing games.”
According to security reporter Brian Krebs, the “ringleader” purchased Doxbin last year, a portal for sharing personal information of targets, only to relinquish control of the website back to its former owner in January 2022, but not before leaking the entire Doxbin dataset to Telegram.
This prompted the Doxbin community to retaliate by releasing personal information on “WhiteDoxbin,” including his home address and videos purportedly shot at night outside his home in the U.K.
What’s more, the hacker crew has actively recruited insiders via social media platforms such as Reddit and Telegram since at least November 2021 before it surfaced on the scene in December 2021.
At least one member of the LAPSUS$ cartel is also believed to have been involved with a data breach at Electronic Arts last July, with Palo Alto Networks’ Unit 42 uncovering evidence of extortion activity aimed at U.K. mobile phone customers in August 2021.
LAPSUS$, over a mere span of three months, accelerated their malicious activity, swiftly rising to prominence in the cyber crime world for its high-profile targets and maintaining an active presence on the messaging app Telegram, where it has amassed 47,000 subscribers.
Microsoft characterized the group as an “unorthodox” group that “doesn’t seem to cover its tracks” and that uses a unique blend of tradecraft, which couples phone-based social engineering and paying employees of target organizations for access to credentials.
If anything, LAPSUS$’ brazen approach to striking companies with little regard for operational security measures appears to have cost them dear, leaving behind a forensic trail that led to their arrests.
The last message from the group came on Wednesday when it announced that some of its members were taking a week-long vacation: “A few of our members has a vacation until 30/3/2022. We might be quiet for some times. Thanks for understand us – we will try to leak stuff ASAP.”