British police have arrested several young people in connection with the notorious Lapsus ransom attacks, including one 16-year-old from Oxford thought to be the group’s ringleader.
City of London police cuffed seven individuals between the ages of 16 and 21, all of whom have been released under investigation, according to the BBC.
It’s unclear if the Oxford teen is among these. However, the individual, known online as “White” or “Breachbase,” apparently has autism and attends a special education school in the university town.
The boy was doxxed online after falling out with his colleagues. They reportedly posted his personal details and the fact he’d accumulated close to $14m in Bitcoin from his exploits.
In the end, he was tracked fairly easily after making some crucial opsec errors.
“We’ve had his name since the middle of last year and we identified him before the doxxing,” Allison Nixon, chief research officer at cybersecurity investigation company Unit 221B, told the BBC.
“Unit 221B, working with Palo Alto Networks after identifying the actor, watched him on his exploits throughout 2021, periodically sending law enforcement a heads-up about the latest crimes.”
The group was initially thought to hail from South America, although it now appears that just one member is Brazilian.
Lapsus has a string of high-profile victims, including Samsung, Nvidia, Vodafone, Microsoft and Okta. It was thought that their compromise of an Okta contractor’s laptop may have provided access to the other tech firms, although that now appears unlikely.
According to Microsoft, the group’s tactics for compromise included SIM swapping, phishing, vishing and paying insiders for access. Lapsus members have even joined crisis comms Zoom calls held by victim organizations to taunt employees.
It’s unclear how many members of the group remain at large.