Security researchers say a 16-year-old from England is the Lapsus$ group's mastermind; source: researchers identified seven unique accounts tied to Lapsus$
Cybersecurity researchers investigating a string of hacks against technology companies, including Microsoft Corp. and Nvidia Corp. …
Bloomberg
Related Coverage
- A teen is reportedly the mastermind behind the Lapsus$ hacking group The Verge · Jay Peters
- The fog of cyberwar — An actual shooting war on the ground makes the business of flagging … Axios · Scott Rosenberg
- Cybersecurity researchers trace Lapsus$ attacks to a teenager from England Engadget · Mariella Moon
- 6 Tech Giants That Have Been Breached by a Nefarious New Hacker Gang Gizmodo · Lucas Ropek
- Looks Like Microsoft, Nvidia, Samsung, Okta Were Hacked By a Teenager PCMag · Matthew Humphries
- UK teen suspected of masterminding Microsoft, Nvidia and Ubisoft hacks Video Games Chronicle · Tom Ivan
- Researchers Suspect 16 Years Old to Be Lapsu$ Mastermind Tom's Hardware · Anton Shilov
- Here's Everything you want to know about Lapsus$ Attack TechCircle · Sohini Bagchi
- A Teenager Might Be Responsible For Hacking Big Tech Companies Fossbytes
- Researchers Trace LAPSUS$ Cyber Attacks to 16-Year-Old Hacker from England The Hacker News · Ravie Lakshmanan
- As teen hacker is linked to Lapsus$, Okta provides more details on data breach SiliconANGLE · Duncan Riley
- Report: Microsoft, Nvidia, Ubisoft Hacked By Suspected Teenagers Kotaku · Luke Plunkett
- Hundreds of companies potentially hit by Okta hack BBC
- Microsoft confirms hackers stole partial source code for Bing, Cortana MobileSyrup · Jonathan Lamont
- Teen Suspected By Cyber Researchers of Being Lapsus$ Mastermind Slashdot · BeauHD
- Okta revises LAPSUS$ impact upwards to potentially 2.5% of customers ZDNet · Chris Duckett
- Mastermind of Lapsus$ Is Likely a Teen Living With His Mother in Oxford, England Metacurity · Cynthia Brumfield
- DEV-0537 criminal actor targeting organizations for data exfiltration and destruction Microsoft Security Blog
- Okta Confirms Lapsus$ Attack, While Microsoft Investigates Breach Claim Redmond · Kurt Mackie
- Microsoft says hacking group that struck Okta got ‘limited’ access to software giant MarketWatch · Steve Goldstein
- It's official, Lapsus$ gang compromised a Microsoft employee's account Security Affairs · Pierluigi Paganini
- Who is Lapsus$, the theatrical cyber gang that attacked Okta, Samsung, and Microsoft? TNW · Thomas Macaulay
- Microsoft confirms cyber attack, source code stolen GamesIndustry.biz · Danielle Partis
- Teenager Suspected by Cyber Researchers of Being Lapsus$ Mastermind Pixel Envy · Nick Heer
- Microsoft confirms hacking group stole source code via ‘limited access’ TechSpot · Shawn Knight
- Microsoft Security on the “Lapsus$” / DEV-0537 Hacking Group Daring Fireball · John Gruber
- ‘Single account’ compromise led to Microsoft's Lapsus$ code leak iTnews · Richard Chirgwin
- Microsoft Hacked by Same Group That Struck Nvidia and Samsung GameRevolution · Nicholas Tan
- Okta Says 366 Customers Impacted via Third-Party Breach Dark Reading · Jai Vijayan
- Okta's Investigation of the January 2022 Compromise Okta Inc. · David Bradbury
- Okta says 375 customers impacted by the hack, but Lapsus$ gang says it is lying Security Affairs · Pierluigi Paganini
- ‘Two Months Is Too Long’: Tenable CEO Slams Okta's Breach Response CRN · Michael Novinson
- Who are Lapsus$ and did they hack Okta? The Sun · Aliki Kraterou
- Okta reveals full extent of LAPSUS$ breach as hackers announce hiatus IT PRO · Connor Jones
- OKTA breached by Lapsus$ Ransomware Gang Check Point Software
- Okta CSO: Lapsus Incident Was “Embarrassing” Infosecurity · Phil Muncaster
- Okta Under Fire Over Handling of Security Incident Wall Street Journal
- Okta and the Lapsus$ breach: 5 big questions VentureBeat · Kyle Alspach
- Okta names Sitel in Lapsus$ security incident impacting up to 366 customers ZDNet · Charlie Osborne
Discussion
-
@williamturton
William Turton
on x
Bless my colleague @jordanr1000, who went to the hacker's home in Oxford this morning and interviewed his mother. https://www.bloomberg.com/... https://twitter.com/...
-
@williamturton
William Turton
on x
The teen is suspected by the researchers of being behind some of the major hacks carried out by Lapsus$, but they haven't been able to conclusively tie him to every hack Lapsus$ has claimed. https://www.bloomberg.com/...
-
@williamturton
William Turton
on x
The teen is so skilled at hacking — and so fast — that researchers initially thought the activity they were observing was automated, another person involved in the research said. https://www.bloomberg.com/...
-
@williamturton
William Turton
on x
Bloomberg News isn't naming the alleged hacker, who goes by the online alias “White” and “breachbase,” who is a minor and hasn't been publicly accused by law enforcement of any wrongdoing. https://www.bloomberg.com/...
-
@williamturton
William Turton
on x
Lapsus$ has even gone as far as to join the Zoom calls of companies they've breached, where they have taunted employees and consultants who are trying to clean up their hack, according to three of the people who responded to the hacks. https://www.bloomberg.com/...
-
@williamturton
William Turton
on x
Another member of Lapsus$ is suspected to be a teenager residing in Brazil, according to the investigators. One person investigating the group said security researchers have identified seven unique accounts associated with the hacking group. https://www.bloomberg.com/...
-
@iblametom
Thomas Brewster
on x
There was some skiddie drama on this kid online - same as it ever was except this time there are major companies as victims and big money at stake. Everything tends to escalation in this space. https://twitter.com/...
-
@aprilwright
@aprilwright
on x
Threat actor #LAPSUS might be a 16 year old who lives with his mom. Seems so unrealistic because I don't know anyone who was like that. None. Nobody. Not a single soul. Definitely not most of my friends. https://twitter.com/...
-
@williamturton
William Turton
on x
Cybersecurity researchers investigating a string of hacks against technology companies, including Microsoft Corp. and Nvidia Corp., have traced the attacks to a 16-year-old living at his mother's house near Oxford, England. https://www.bloomberg.com/...
-
@divinetechygirl
@divinetechygirl
on x
Me waiting for the Netflix documentary. 🍿 https://twitter.com/...
-
@carnage4life
@carnage4life
on x
The Okta incident is a textbook worst case scenario for a company so central to its customers' security. At this point, it may be near fatal for Okta if they have to do more walking back of how limited this breach was. It implies they can't detect issues even when looking. https:…
-
@kimzetter
Kim Zetter
on x
Okta's David Bradbury said his company only received forensic report yesterday from the third-party company Sykes that had been breached. He admitted that Okta should have acted more swiftly to ascertain what occurred. He did not take any questions from participants on Zoom call.
-
@_mg_
@_mg_
on x
... and quite a journey from the original statement, we finally arrive at 366 customers potentially impacted. Detailed logs being shared with those customers. That's good! I wouldn't be surprised if LAPSUS$ drops more loot from their slack, etc. Hopefully Okta has cleaned that up…
-
@runasand
Runa Sandvik
on x
This incident timeline from Okta is pretty interesting. Breach of Sitel happened in January, but Okta did not receive a complete investigation report until after Lapsus$ shared the screenshots. https://www.okta.com/... https://twitter.com/...
-
@shoghicp
@shoghicp
on x
SCP-0537? “DEV-0537 is known to monitor and intrude in incident response communications. As such, these communication channels should be closely monitored for unauthorized attendees and verification of attendees should be performed visually or audibly.” https://www.microsoft.com/…
-
@raj_samani
Raj Samani
on x
LAPSUS$ “has been observed joining the organization's crisis communication calls and internal discussion boards (Slack, Teams, conference calls, and others) to understand the incident response workflow” https://www.microsoft.com/... #cybersecurity #infosec #malware H/T @msftsecur…
-
@nixcraft
@nixcraft
on x
This is so wild. DEV-0537 (LAPSUS$) Criminal actor targeting organizations https://www.microsoft.com/... This group is publicly offering money to employees for credentials, VPN and other data. I never heard any hacking group doing such thing previously. Stay safe everyone.
-
@razhael
Raphael Satter
on x
New: Authentication firm Okta says up to 366 customers were potentially affected by Lapsus$ gang intrusion. One executive calls the count a “worst case scenario.” https://www.reuters.com/...
-
@arekfurt
Brian
on x
“Our investigation determined that the screenshots, which were not contained in the Sitel summary report, were taken from a Sitel support engineer's computer upon which an attacker had obtained remote access using RDP.” https://www.okta.com/... https://twitter.com/...
-
@msftsecurity
@msftsecurity
on x
Microsoft Security has been tracking criminal actor DEV-0537 (LAPSUS$) targeting organizations with data exfiltration and destructive attacks - including Microsoft. Analysis and guidance in our latest blog: https://www.microsoft.com/...
-
@briankrebs
@briankrebs
on x
It's tempting to dismiss LAPSUS$ as childish and fame-seeking. That may be true. But everyone in charge of security should know that this level of social engineering to steal access is the new norm. Microsoft's post-mortem on this group is worth reading: https://www.microsoft.com…
-
@krisnova
Kris Nóva
on x
Fascinating to see how the security field is responding to LAPSUS$ and honestly I'm here for this level of sticking it to the man. LAPSUS$ is paying 20k a week for inside jobs which is nothing for a corporation like Microsoft to cough up. https://krebsonsecurity.com/ ...
-
@kellygoetsch
Kelly Goetsch
on x
This is terrifying. “Microsoft says LAPSUS$ — which it boringly calls DEV-0537 — mostly gains illicit access to targets via “social engineering.” This involves bribing or tricking employees at the target organization or at its myriad partners.” https://krebsonsecurity.com/ ...
-
@billywhizz1970
Andrew Johnston
on x
“The group has claimed it is not state-sponsored. The individuals behind the group are likely experienced and have demonstrated in-depth technical knowledge and abilities” https://krebsonsecurity.com/ ...
-
@briankrebs
@briankrebs
on x
Experts say the LAPSUS$ data extortion group that hit Okta and Microsoft this week is run by a 17-year-old from the UK who recently bought the Doxbin doxing website, and then leaked its database. Naturally, Doxbin responded by doxing the LAPSUS$ leader. https://krebsonsecurity.co…
-
@eastdakota
@eastdakota
on x
We are resetting the @Okta credentials of any employees who've changed their passwords in the last 4 months, out of abundance of caution. We've confirmed no compromise. Okta is one layer of security. Given they may have an issue we're evaluating alternatives for that layer.
-
@gossithedog
Kevin Beaumont
on x
“We have not found evidence of a security breach of client's systems” say Sykes. Lapsus literally posted screenshots. https://twitter.com/...
-
@kimzetter
Kim Zetter
on x
Okta now says about 2.5% of its customers have potentially been impacted by the breach and their data “may have been viewed or acted upon. We have identified those customers and are contacting them directly.” https://www.okta.com/...
-
@malwarejake
Jake Williams
on x
Hey @okta, if you're curious what customer transparency looks like in incident response, @Cloudflare has you covered... https://t.co/1rME8MexBU
-
@quinnypig
Corey Quinn
on x
As a customer, very little pisses me off more than learning how you were compromised from someone else instead of directly from you. https://t.co/GEWzwWwFM2
-
@suhail
@suhail
on x
Counter statement by LAPSUS$ https://twitter.com/...
-
@jschauma
Jan Schaumann
on x
Updated Okta statement: https://www.okta.com/... We went from “pfft, this was sooooo long ago, nothing to see here” to “whoops, one support engineer, but no biggie” to “oh, ok, so almost 400 customers' data may have been modified” in about 12 hours. 🍿
-
@gazthejourno
Gareth Corfield
on x
On Okta, the @NCSC told me last night it had “not seen any evidence of impact in the UK.” Meanwhile the company has since admitted 2.5% of its customers had their data “viewed or acted upon”. That's ~400 firms. https://www.okta.com/...
-
@troyhunt
Troy Hunt
on x
“The Okta service has not been breached and remains fully operational. There are no corrective actions that need to be taken by our customers.” https://www.okta.com/...
-
@wbm312
Whitney Merrill
on x
Why on earth would you post any statement saying you weren't hacked before having a full copy of the investigation report in your hands? https://www.okta.com/...
-
@evacide
Eva
on x
Okta now says 2.5% of customers may have been impacted and they are contacting them. This seems like something they should have done two months ago. https://www.okta.com/...
-
@bleepincomputer
@bleepincomputer
on x
Okta's Tuesday night update now says the Lapsus$ breach impacted 2.5% of their customers. Using their own numbers of over 15,000 customers, the breach has affected 375 organizations. Going to be a long night for many admins.
-
@riskybusiness
Patrick Gray
on x
Okta has put out another statement since we recorded but it still strikes me as a tad thin. Lots of talk about what the attacker couldn't do, nothing about what they *could* do. https://www.okta.com/... https://twitter.com/...