Police Arrest Suspected Hackers in Wake of Lapsus$ Attack on Okta, Report Says


London police reportedly made several arrests as part of an investigation into hacking groups.


UK police arrested seven people, including teenagers, in connection with an investigation into a hacking group, according to CNET sister site ZDNet. The arrests followed a Bloomberg report that a teen was the mastermind behind the Lapsus$ hacking group, which has claimed responsibility for data hacks of Samsung and Nvidia, as well as recently revealed breaches at Microsoft and Okta.

The people arrested range in age from 16 to 21, and have all been released under investigation, the City of London Police reportedly said. The law enforcement body, which polices the UK capital’s financial district, didn’t directly name Lapsus$, and none of those arrested were formally charged.

Four researchers investigating Lapsus$ suspect that a teen living in the UK who goes by the online aliases “White” and “breachbase” is running the group’s activities, Bloomberg reported. However, the teen, whom Bloomberg didn’t identify because of his age, hasn’t been accused of a crime by law enforcement, and the researchers “haven’t been able to conclusively tie him to every hack Lapsus$ has claimed,” Bloomberg reported.

Bloomberg said the boy’s mother spoke with one of its reporters for about 10 minutes through a doorbell intercom system at the home, located about 5 miles from Oxford University. She reportedly said she was unaware of the allegations against her son and declined to discuss him or make him available for an interview.

The group, believed to be based in South America, also includes another teenager living in Brazil, among others, according to Bloomberg. The teens’ high level of skill initially led researchers to believe that what they were observing was automated, one person involved in the research told the news agency.

The use by Lapsus$ of social media makes it unusual in the hacking arena. On Monday, the group allegedly posted online screenshots to its Telegram channel of what appeared to be Okta’s internal tickets and its in-house chat on Slack, the messaging app. The identity authenticator giant, which counts more than 15,000 companies as customers, said about 2.5% of its customers may have been impacted.

Microsoft, which was also targeted by Lapsus$ recently, said it interrupted a data hack by the group after it publicly disclosed the operation on social media. Microsoft said the hackers gained “limited access” to a single account, noting that Lapsus$ doesn’t seem concerned with hiding its activity.

“Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion,” Microsoft said in a blog post Tuesday. “This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.”

The City of London Police did not immediately respond to a request for further comment.
