Seven Teens From Lapsus$ Become The Brains Of Attack On Microsoft And Okta, Just Looking For Fame

JAKARTA - Police in Britain have arrested seven people following a series of hacks by hacking group Lapsus$ that targeted major companies including Okta Inc and Microsoft Corp. The arrests were announced by the City of London Police on Thursday, March 24.

San Francisco-based Okta Inc, whose authentication services are used by some of the world's largest companies to provide access to their networks, said Tuesday, March 22, that it had been attacked by hackers. Even some of their customers may be affected by the attack.

"City of London Police has launched an investigation with its partners into members of the hacking group," Detective Inspector Michael O'Sullivan said in an emailed statement in response to questions about the Lapsus hacking group.

The ransom-seeking gang or extortionists, have posted a series of screenshots of Okta's internal communications on their Telegram channel on Monday, March 21, evening.

"Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and all have been released under investigation," O'Sullivan said.

News of this digital attack has plunged Okta's stake by around 11 percent amid criticism of the digital authentication company's slow response to the intrusion. Okta's shares traded down 4.8% last Thursday.

The city of London Police did not directly mention Lapsus$ in their statement. A spokeswoman said none of the seven people arrested had been formally charged, pending an investigation.

Who is Lapsus$?

Last month, Lapsus$ leaked proprietary information about chipmaker Nvidia Corp to the Web. Even recently the group claimed to have leaked the source code of several major technologies, including Microsoft. Microsoft itself on Tuesday, March 22 confirmed that one of its accounts had been compromised.

According to a Bloomberg News report, a teenager living near Oxford, England, is suspected of being behind several of the more significant attacks, on Wednesday, March 23.

Contacted by phone, the father of the teenager, who cannot be named because he is a minor, declined to comment. Reuters confirmed that three cybersecurity researchers investigating Lapsus$ believed the teenager was involved in the group.

In a blog post last Thursday, Unit 42, a research team at Palo Alto Networks, described Lapsus$ as an "assault group" motivated by fame rather than financial gain.

Unlike other groups, they do not rely on the spread of ransomware, malicious software to encrypt the networks of their victims, which is the hallmark of digital extortionists. This group, Lapsus$, instead manually dumps the waste into their target network.

Together with Unit 221b, a separate security consultancy, the Palo Alto researchers said they had identified the "main actors" behind Lapsus$ in 2021. They had "assisted law enforcement in their efforts to prosecute this group".

"The juveniles we identified as controlling Lapsus$ were instrumental," Allison Nixon, lead researcher at Unit 221b, told Reuters. "Not just for their leadership role, but for the vital intelligence they must have in the other members".