Okta Hackers Arrested As Part Of Lapsus$ Crackdown: Report

‘The City of London police has been conducting an investigation with its partners into members of a hacking group. Seven people between the ages of 16 and 21 have been arrested,’ British police said.

Seven teenagers have been arrested in England following an audacious cybercrime spree over the past month by members of the Lapsus$ data extortion gang.

“The City of London police has been conducting an investigation with its partners into members of a hacking group,” Detective Inspector Michael O’Sullivan told Reuters in an emailed statement. “Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation.”

London police did not directly name Lapsus$ in its statement, and none of the seven people arrested have been formally charged, a police spokeswoman told Reuters. London police did not immediately respond to a CRN request for comment. Bloomberg reported Wednesday that cybersecurity researchers investigating the hacking group Lapsus$ traced the attacks to a 16-year-old living at his mother’s house.

[Related: ‘Two Months Is Too Long’: Tenable CEO Slams Okta’s Breach Response]

Lapsus$ has captured the attention of the security community over the past month by compromising four of the most prominent enterprise technology companies in the world: Nvidia, Samsung, Microsoft, and Okta. The group has appeared to be less financially motivated than traditional ransomware gangs, with Lapsus$ rarely encrypting victim networks and often releasing data before demanding payment.

Four researchers investigating the hacking group Lapsus$ on behalf of companies that were attacked said they believe the Oxford, England teenager is the mastermind based on forensic evidence and publicly available information, Bloomberg reported. The teen is suspected of being behind some of the major hacks carried out by Lapsus$ but hasn’t conclusively tied him to every hack.

The teen is so skilled at hacking – and so fast – that the researcher initially thought the activity they were observing was automated, one person involved in the research told Bloomberg. Another member of Lapsus$ is suspected to be a teenager residing in Brazil. One person investigating the group said security researchers have identified seven unique accounts associated with the hacking group, Bloomberg said.

Lapsus$ burst onto the scene in late February, when Nvidia allegedly launched a retaliatory strike against the gang to prevent the release of the chipmaker’s stolen data. Nvidia said Lapsus$ obtained the company’s network credentials and through deception, obtained two-factor authentication capability and access to Nvidia’s network. Lapsus$ then leaked some proprietary Nvidia information online.

Earlier this month, Lapsus$ said it stole Samsung’s source code and biometric unlocking algorithms for its Galaxy devices, compromising sensitive hardware controls. The breach involved 190 gigabytes of Samsung data, and included leaked source code for trusted applets, algorithms for biometric unlock operations, bootloader source code for recent Samsung devices and authentication codes, Lapsus$ said.

A week ago, Lapsus$ posted on Telegram saying it had breached internal source code repositories for Microsoft Azure DevOps and shared images on Telegram showing access to Bing- and Cortana-related projects. Microsoft admitted Tuesday that hacker group Lapsus$ gained “limited access” to the tech giant through a single compromised account but dismissed that the attack had created additional risk.

Lapsus$ struck again this week, posting screenshots to its Telegram channel Tuesday of what it alleged was data from customers of identity security giant Okta. Up to 366 Okta customers might have had their data ‘acted upon’ following a Lapsus$ cyberattack against Sitel, which Okta contracts with for customer support work. After revealing the Okta screenshots, Lapsus$ announced it would be taking a brief break.

“A few of our members has a vacation until 30/3/2022,” Lapsus$ wrote on its Telegram channel Tuesday. “We might be quiet for some times. Thanks for understand us. – we will try to leak stuff ASAP.”