7 Suspected Members of LAPSUS$ Hacker Gang, Aged 16 to 21, Arrested in U.K.

Well that LAPSUS$ gang has been making headlines and with all of that attention, may have been taken down. What is interesting is the age of the members. It actually makes sense when you consider the techniques used by the group. The exploitation was pretty basic stuff such as standard metasploit techniques. What they really are good at is social engineering. What they are terrible at is covering their tracks.

Other groups like Anomalous have been around for a while and have made similar headlines as LAPSUS$. The difference between a young group like LAPSUS$ and Anomalous is how Anomalous has shown experience in exploitation via day zero tactics, antidetection against sophisticated security defenses and their ability to conceal their identities. Today’s exploitation tools make it easy for anybody to have the ability to compromise any size organization. LAPSUS$ is an example of this as the mastermind behind the group is said to be 16 years old. This leads to a major concern …. any adversary from well experienced hackers to a young teenager with access to common exploitation tools can own any size organization.


The HackerNews posted about this recent arrest. The original article from the hacker news can be found HERE. Here is that short release …


The City of London Police has arrested seven teenagers between the ages of 16 and 21 for their alleged connections to the prolific LAPSUS$ extortion gang that’s linked to a recent burst of attacks targeting NVIDIA, Samsung, Ubisoft, LG, Microsoft, and Okta.

The development, which was first disclosed by BBC News, comes after a report from Bloomberg revealed that a 16-year-old Oxford-based teenager is the mastermind of the group. It’s not immediately clear if the minor is one among the arrested individuals. The said teen, under the online alias White or Breachbase, is alleged to have accumulated about $14 million in Bitcoin from hacking.

“I had never heard about any of this until recently,” the teen’s father was quoted as saying to the broadcaster. “He’s never talked about any hacking, but he is very good on computers and spends a lot of time on the computer. I always thought he was playing games.”

According to security reporter Brian Krebs, the “ringleader” purchased Doxbin last year, a portal for sharing personal information of targets, only to relinquish control of the website back to its former owner in January 2022, but not before leaking the entire Doxbin dataset to Telegram.

This prompted the Doxbin community to retaliate by releasing personal information on “WhiteDoxbin,” including his home address and videos purportedly shot at night outside his home in the U.K.

What’s more, the hacker crew has actively recruited insiders via social media platforms such as Reddit and Telegram since at least November 2021 before it surfaced on the scene in December 2021.

At least one member of the LAPSUS$ cartel is also believed to have been involved with a data breach at Electronic Arts last July, with Palo Alto Networks’ Unit 42 uncovering evidence of extortion activity aimed at U.K. mobile phone customers in August 2021.

LAPSUS$, over a mere span of three months, accelerated their malicious activity, swiftly rising to prominence in the cyber crime world for its high-profile targets and maintaining an active presence on the messaging app Telegram, where it has amassed 47,000 subscribers.

Microsoft characterized the group as an “unorthodox” group that “doesn’t seem to cover its tracks” and that uses a unique blend of tradecraft, which couples phone-based social engineering and paying employees of target organizations for access to credentials.

If anything, LAPSUS$’ brazen approach to striking companies with little regard for operational security measures appears to have cost them dear, leaving behind a forensic trail that led to their arrests.

The last message from the group came on Wednesday when it announced that some of its members were taking a week-long vacation: “A few of our members has a vacation until 30/3/2022. We might be quiet for some times. Thanks for understand us – we will try to leak stuff ASAP.”
Found this article interesting? Follow THN on FacebookTwitter  and LinkedIn to read more exclusive content we post.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.