Cybersecurity sleuths have reportedly uncovered the suspected mastermind of the notorious Lapsus$ hacker group – a 16-year-old whiz kid living with his mother in Oxford, England. The teen, who uses the online monikers “White” and “breachbase,” purportedly has hacking skills so advanced that researchers initially believed they were reviewing automated activity.

The Lapsus$ hacker group has drawn international scrutiny after breaching the systems of several major companies, including Okta, Microsoft, Samsung and Nvidia. Four cybersecurity researchers probing the hacks at the behest of impacted companies told Bloomberg they believe the teenager was a leading figure in some of Lapsus$’s major hacks. The experts based their analysis on public information related to the group’s activities as well as forensic evidence obtained in the hacks.

Bloomberg was able to track down the hacker after his personal information, including home address and details about his parents, was leaked online – purportedly by rival hackers. The teen’s home was described as a “modest terraced house on a quiet side street about five miles from Oxford University” in England.

A woman who answered the door told the outlet via an intercom system that she was the alleged hacker’s mother. She said she was unaware of her son’s suspected ties to the Lapsus$ hacker group and its recent actions, but was “disturbed” that personal information was posted online – which included videos of her home. The woman reportedly rejected interview requests on her son’s behalf and declined further comment – saying she planned to call the police to report the situation.

Bloomberg withheld the suspected teen hacker’s name – citing the fact that he is a minor and that authorities have yet to charge him with a crime. Details on the Lapsus$ group, its motivations and its membership are scant. The researchers said they suspect a teenager living in Brazil to be another member.

The hacker group is known for breaching the systems of major companies and demanding ransom payments in exchange for not releasing sensitive information such as internal documents and source code. In a lengthy blog post released on Tuesday, Microsoft confirmed that Lapsus$ hackers had gained “limited access” to one account by breaching its system, but noted its customers were not compromised in the breach.

Microsoft also provided its findings to date on Lapsus$’s activities – referring to the group as “DEV-0537” for the purposes of its investigation. The post said the group has engaged in “a large-scale social engineering and extortion campaign against multiple organizations with some seeing evidence of destructive elements.”

“Unlike most activity groups that stay under the radar, DEV-0537 doesn’t seem to cover its tracks. They go as far as announcing their attacks on social media or advertising their intent to buy credentials from employees of target organizations,” Microsoft said.

In its recent hack of Okta’s systems, Lapsus$ went as far as to post screenshots of the company’s internal pages on social media. Okta later acknowledged the screenshots were genuine and said about 2.5% of its roughly 15,000 customers could be affected by the breach.