Lapsus$ extortion gang—a cybercriminal group so bizarre and with such high-profile targets that some people suspected they were Russian state-sponsored hackers—claiming that it had breached Okta, a popular authentication services company, just hours after it leaked source code for Microsoft’s Bing search, Bing Maps, and Cortana voice assistant. Given that Okta is utilized by approximately 14,000 firms Okta’s bungled messaging around the event only made matters worse. In the end, Okta subprocessor Sykes revealed that hackers had gained access to an employee’s account, putting 366 consumers at danger. As we’ll see in the following paragraphs, that was just the beginning of an exciting week for Lapsus$.
Teenager Is Suspected of Being ‘Mastermind’ Behind Lapsus$
Soon after Lapsus$ claimed to have hacked Okta and leaked Microsoft source code (which Microsoft later confirmed), Bloomberg reported that security researchers identified the gang’s ringleader to be a teenager from Oxford, UK, who’s “so skilled at hacking—and so fast—that researchers initially thought the activity they were observing was automated.” Almost as swift were the arrests that followed: The BBC reported hours after Bloomberg’s story that City of London police detained seven persons, aged 16 to 21, in connection with Lapsus$ operations, which in addition to targeting Okta and Microsoft apparently involved hacking Samsung, Nvidia, EA, and Ubisoft. The 16-year-old identified by security experts may or may not have been among the detained group. None of them have been charged yet, but it is alleged that the police have freed them all without any further action being taken.