The hacking group that has been on a tear since late last year may have finally been unmasked, as London police have made arrests of a group that they accuse of being the Lapsus$ hackers responsible for attacks on Microsoft, Samsung, Okta, Nvidia and more.
This has not put a definitive end to the group, however, as it remains active with a recent leak of 70GB of data apparently captured from software development firm Globant. The accused group in London, all aged 16 to 21, remained out of custody for some time as the investigation continued. Investigators also believe that at least one member of the group, reportedly the most skilled, is in Brazil and still at large.
Lapsus$ hackers accused, but remain free as group continues shenanigans
The two members of the group accused of being the ringleaders, aged 16 and 17, were both found living at home with their parents in the London area. They were not taken into custody at first, but recent reports indicate they are now being held and scheduled to face a judge on an assortment of hacking-related charges on April 8. Five other accused members of the group, who range up to age 21, appear to have not yet been taken into custody.
That also leaves the “wizard” of the group free, a hacker based in Brazil who apparently operates so fast that investigators thought his online activity was the work of an automated script at first. It is unclear if the group has other collaborators in that country, but it has targeted Portuguese-language companies in the past and has kept its Telegram channel active even as the UK members were being charged and taken into custody.
One of the ringleaders of the Lapsus$ hackers, a 16-year-old who goes by the online handles “breachbase” and “White,” appears to have led law enforcement to the group by getting into a dispute with other hackers over his acquisition of a popular underground doxxing site called Doxbin. The rival hackers leaked personal information on him, which apparently did not go unnoticed by law enforcement.
Prior to that point the Lapsus$ hackers had not been shy about getting their brand out there, however, posting publicly on Twitter and other mainstream sites about their exploits. The group also pulled other immature antics such as returning to companies they had breached to break into internal Zoom calls and taunt them. They also regularly made personal contact with their victims, as they frequently employed social engineering to obtain credentials, openly making offers to bribe employees via LinkedIn and Reddit.
Just prior to the wave of arrests in the UK, the Lapsus$ hackers posted on their Telegram channel about “going on vacation” for a time. In spite of the incarcerations of some members, that “vacation” appeared to end in early April with the dump of inside information from Globant. In the meantime, the ongoing investigation has turned up links to hacks that the group did not publicly take credit for; they may have been involved in breaches of a UK mobile phone network in 2021 and Electronic Arts in 2022.