Who is LAPSUS$, the Gang Hacking Microsoft, Samsung, and Okta?


For the past three months, a mysterious hacker gang has been giving Silicon Valley a migraine of epic proportions. LAPSUS$, a band of cybercriminals with unorthodox techniques and a flair for the dramatic, has been on a white-hot streak—lining tech companies up and knocking ’em down like bowling pins.

The gang’s targets are big: Microsoft, Samsung, Nvidia, Ubisoft, and, most recently, identity verification firm Okta, have all been hit with humiliating cyberattacks. In nearly all these cases, LAPSUS$ wormed its way deep into the corporations’ networks, where it then stole pieces of source code—the digital DNA of proprietary software. After that, the gang almost always leaked the code all over the internet, embarrassing the victim and spilling company secrets into the ether.

The group’s hacking acumen has led it into the innermost sanctums of multibillion-dollar companies, but some security researchers say that LAPSUS$ may ultimately be composed less of hardened cybercriminals than of undisciplined amateurs. Indeed, a bunch of them may be literal children. On Thursday, British authorities announced the arrest of seven people said to be connected to the gang, who allegedly ranged in age from 16 to 21. The ringleader of the gang is reputed to be a 16-year-old kid from Oxford, England. That hacker, who goes by the pseudonym “White,” appears to have recently had his identity leaked to the internet by a rival cybercrime faction. In short: after a string of victories and a lot of notoriety, things don’t appear to be going particularly well for LAPSUS$—and the group may be in over its head.

“Unlike most activity groups that stay under the radar…[LAPSUS$] doesn’t seem to cover its tracks,” said researchers with Microsoft’s Threat Intelligence Center, in a recent blog post. “They go as far as announcing their attacks on social media or advertising their intent to buy credentials from employees of target organizations…[the gang] also uses several tactics that are less frequently used by other threat actors tracked by Microsoft.” Yet it’s those very tactics that make the gang so fascinating.