Since January of 2022, a gang of mysterious hackers has been terrorizing many big tech companies, such as Samsung, Nvidia, Ubisoft, Mercado Libre, Vodafone, and most recently, Microsoft, OTK, and Globant.
The latest headlines related to the gang point out the arrest of seven young hackers (aged 16 to 21) supposedly connected to the gang, executed by The City of London Police.
Below, is everything we know so far about the non-ransomware gang everyone’s talking about.
What is LAPSUS$, the “Ransomware” Gang?
As it was previously mentioned, LAPSUS$ wormed deep into international corporations’ networks, where it then stole pieces of source code to leak all over the internet, spilling company secrets and embarrassing the victim.
While this is not something new for hackers, they’re unique and different from others. Unlike most cybercrime groups, LAPSUS$ doesn’t seem to cover its tracks nor stay under the radar.
According to a recent blog post published on Microsoft’s Threat Intelligence Center:
“They go as far as announcing their attacks on social media or advertising their intent to buy credentials from employees of target organizations… [the gang] also uses several tactics that are less frequently used by other threat actors tracked by Microsoft.”
Also, while previously reported as such, the LAPSUS$ group cannot be categorized as a “ransomware gang” despite its habit of leaking stolen data, because they never use ransomware. This means, LAPSUS$ does not encrypt victims’ data; they just steal it.
Another thing that makes this gang fascinating, it’s their flashy tendencies. LAPSUS$ uses Telegram, the semi-encrypted chat app which is not typical of most cybercrime gangs.
What is also not typical, is the fact that they may be composed of teenagers. Maybe they don’t seem so frightening now, but don’t let that fool you… They’ve dominated multi-billion dollar companies in ways only top hackers only wish to.
Who’s the LAPSUS$ leader?
Not only LAPSUS$ is full of young members, but its ringleader is reputed to be a 16-year-old kid from Oxford. He goes by the pseudonym “White and he seems to be in trouble.
Alleged rival hackers (from another cybercrime faction) have supposedly doxxed his identity on Doxbin, an information-leaking website. In a post, the doxxers said “White” owned 300 Bitcoins (nearly $14 million) and called LAPSUS$ a “wannabe ransomware group.”
Allison Nixon, CRO at Unit 221B, talked about this in a Gizmodo interview.
According to her, “White” was doxxed due to a damaged business relationship the leader had with Doxbin’s operators. It seems like “White” purchased the website at some point but the former owners regained control due to the kid’s ineffective administrative skills.
She also claimed to have uncovered “White” real identity due to an investigation with other cybersecurity firms, but neither the details nor Doxbin post’s screenshots cannot be disclosed before law enforcement takes action.
But some might got this information already. The BBC identified the father of a “16-year-old from Oxford” of which he commented:
“I had never heard about any of this until recently. He’s never talked about any hacking, but he is very good at computers and spends a lot of time on the computer.
I always thought he was playing games.
We’re going to try to stop him from going on computers.”
The last update on this case focuses on the open charges of two teenagers (from seven arrested) who are set to appear at Highbury Corner Magistrates’ Court on Friday.
According to Michael O’Sullivan (Detective Inspector):
“The pair remain in custody. Both teenagers have been charged with: three counts of unauthorized access to a computer with intent to impair the reliability of data; one count of fraud by false representation and one count of unauthorized access to a computer with intent to hinder access to data.
The 16-year-old has also been charged with one count of causing a computer to perform a function to secure unauthorized access to a program.”
It is unclear how many members are in Lapsus$ but clues from their Telegram chats seem to suggest that there are members who speak English, Russian, Turkish, German, and Portuguese. The latest public message from the group on Wednesday announced that some of its members were taking a vacation until March 30.