What just happened? Has the mastermind behind Lapsus$ been revealed? That's the claim being made by Bloomberg, which writes that cybersecurity researchers investigating a string of attacks carried out by the hacking group have traced them back to a 16-year-old living in his mother's house in England.
The publication reports that four researchers investigating the Lapsus$ attacks on behalf of the companies that were targeted say they believe the teenager is the mastermind. While they haven't been able to conclusively link him with every hack claimed by the group, the investigators have used forensic evidence and public information to identify the teen.
The suspect, who uses the online aliases "White" and "breachbase," has not been accused by police of any crimes. Bloomberg spoke to his mother, who lives in Oxford, England, after tracking her down using material leaked about the teen by rival hackers. She was unaware of allegations against her son and said he has been harassed by others. She declined to discuss him and said she was contacting the police.
"Microsoft Security has been tracking criminal actor DEV-0537 (LAPSUS$) targeting organizations with data exfiltration and destructive attacks - including Microsoft. Analysis and guidance in our latest blog: https://t.co/gTMXJCoPY5" (Microsoft Security, @msftsecurity, March 22, 2022)
One investigator said they had identified seven different accounts linked to Lapsus$, along with another teenage member living in Brazil. The UK suspect is said to be so skilled and fast at hacking that some believed his work was automated.
Cybersecurity expert Brian Krebs writes that a core member of the group using the handles "Oklaqq" and "WhiteDoxbin" purchased doxing website Doxbin. They later sold it back to the original owner but leaked "the entire Doxbin data set." This resulted in the Doxbin community doxing WhiteDoxbin, "including videos supposedly shot at night outside his home in the United Kingdom," writes Krebs.
Lapsus$ claims to have been behind attacks on Nvidia, Samsung, Vodafone, Microsoft, Okta, and more. It's believed they are motivated as much by notoriety as money, given the group doesn't cover its tracks and has joined in victims' Zoom calls to taunt them.