The Lapsus$ hacking group first made headlines when it waged a ransomware attack against the Brazilian Ministry of Health in December 2021, compromising the COVID-19 vaccination data of millions within the country.
Since then, it has targeted a number of high-profile technology companies, stealing data from Nvidia, Samsung, Microsoft, and Vodafone. Lapsus$ also managed to disrupt some of Ubisoft’s services and gained access to an Okta contractor’s laptop, putting the data of thousands of companies that use the service at risk. It’s also suspected to be behind last year’s attack on EA Games.
Shortly after the attack on Okta, a report pinned an England-based teenager as the mastermind behind the hacking group and said another teen member may reside in Brazil. One member of the group is reportedly so skilled at hacking that researchers thought their work was automated. On March 24th, the London police arrested seven people in connection with the Lapsus$ group, all of whom are teenagers.
Here are all the latest updates on the Lapsus$ group.
A London jury has found that a teenage member of the Lapsus$ hacking group carried out the high-profile cyberattacks on Rockstar Games, Uber, and Nvidia, according to a report from the BBC. The Southwark Crown Court jury found that the 18-year-old Arion Kurtaj committed 12 offenses, including blackmail, fraud, and several violations of the UK’s Computer Misuse Act.
Kurtaj was arrested several times within the past two years but continued to carry out cyberattacks on several companies, such as Nvidia, by using social engineering and SIM-swapping techniques. London police arrested Kurtaj for the final time in September 2022 after he violated bail conditions that banned him from using the internet.
The US Cybersecurity and Infrastructure Security Agency (CISA) is calling for stricter SIM swapping protections and the transition to a passwordless future following last year’s Lapsus$ attacks. In a lengthy report released on Thursday, the agency details the teen hacking group’s key techniques and provides recommendations to prevent similar attacks going forward.
Lapsus$ made headlines last year after it took credit for the cyberattacks affecting major tech companies like Nvidia, Samsung, Ubisoft, T-Mobile, Uber, and Microsoft. The group also managed to steal and leak 90 videos containing gameplay footage from Rockstar’s upcoming Grand Theft Auto VI game. Seven teenagers connected to the group were arrested in London last year.
Jul 16
A teenager accused of hacking Rockstar Games has been deemed unfit to stand trial.
18-year-old Arion Kurtaj, who is accused of participating in a hacking spree that resulted in leaked early gameplay footage of Grand Theft Auto VI, has been deemed mentally unfit to stand trial in a London court, according to Reuters.
As a result, the trial jury will “determine whether he committed the acts,” but won’t determine his guilt. Kurtaj was allegedly part of Lapsus$, a hacking group that gained notoriety for several high-profile cyberattacks last year.
Sep 26, 2022
The City of London police report they’ve arrested a 17-year-old in Oxfordshire on suspicion of hacking and said he remains in custody. In a follow-up tweet the next day, the police confirmed the teen has been charged with two counts of breach of bail conditions and two counts of computer misuse. A hearing was scheduled for Saturday, but as of Monday morning, no further details have been released.
Police declined to say what incident the arrest was in connection with, but many of the details line up with recent high-profile hacks. This spring, the City of London police arrested and released seven teenagers in connection with an investigation into the Lapsus$ hacking group. Today’s arrest also comes just days after two security breaches believed to be connected to Lapsus$, with the leak of early Grand Theft Auto 6 footage due to a “network intrusion” and a security breach at Uber that caused it to take several internal systems offline for a while.
Sep 19, 2022
Uber said that a hacker associated with the Lapsus$ hacking group was to blame for a breach of its internal systems last week, while reiterating that no customer or user data was compromised during the attack.
The hack, which was discovered last Thursday, forced the company to take several of its internal systems offline, including Slack, Amazon Web Services, and Google Cloud Platform.
Sep 19, 2022
Rockstar has confirmed the Grand Theft Auto VI footage leaked online over the weekend was stolen from its network. The user who posted the gameplay, “teapotuberhacker,” claims they also carried out an attack on Uber that occurred last week, but it’s still unclear whether they’re actually connected.
“We recently suffered a network intrusion in which an unauthorized third party illegally accessed and downloaded confidential information from our systems, including early development footage for the next Grand Theft Auto,” Rockstar says on Twitter. “We are extremely disappointed to have any details of our next game shared with you all in this way. Our work on the next Grand Theft Auto game will continue as planned and we remain as committed as ever to delivering an experience to you, our players, that truly exceeds your expectations.”
Sep 18, 2022
Footage of Grand Theft Auto VI, Rockstar’s next entry in its open-world franchise, has leaked online. PC Gamer reports that a user on the GTA Forums has posted a 3GB file full of 90 videos of GTA VI footage. It’s not exactly clear how the footage was obtained, but the “teapotuberhacker” poster claims to be behind the unrelated Uber hack late last week, and says they may “leak more data soon” including GTA V and GTA VI source code, assets, and testing builds.
The massive leak lines up with some earlier reporting on GTA VI, showing a female playable character in some clips. Bloomberg reported earlier this year that GTA VI would include a female protagonist influenced by Bonnie and Clyde. Bloomberg reporter Jason Schreier says he has verified the leak is real through sources at Rockstar Games.
Apr 23, 2022
The Lapsus$ hacking group stole T-Mobile’s source code in a series of breaches that took place in March, as first reported by Krebs on Security. T-Mobile confirmed the attack in a statement to The Verge, and says the “systems accessed contained no customer or government information or other similarly sensitive information.”
In copies of private messages obtained by Krebs, the Lapsus$ hacking group discussed targeting T-Mobile in the week prior to the arrest of seven of its teenage members. After purchasing employees’ credentials online, the members could use the company’s internal tools — like Atlas, T-Mobile’s customer management system — to perform SIM swaps. This type of attack involves hijacking a target’s mobile phone by transferring its number to a device owned by the attacker. From there, the attacker can obtain texts or calls received by that person’s phone number, including any messages sent for multi-factor authentication.
Apr 20, 2022
Three months after authentication platform Okta was breached by hacking group Lapsus$, the company has concluded its internal investigation after finding that the impact was less serious than initially believed.
In a blog post published Tuesday, Okta’s chief security officer David Bradbury noted that the company had been transparent by sharing details of the hack soon after it was discovered but that further analysis had downgraded early assessments of the potential scope.
Mar 30, 2022
After a short “vacation,” the Lapsus$ hacking gang is back. In a post shared through the group’s Telegram channel on Wednesday, Lapsus$ claimed to have stolen 70GB of data from Globant — an international software development firm headquartered in Luxembourg, which boasts some of the world’s largest companies as clients.
Screenshots of the hacked data, originally posted by Lapsus$ and shared on Twitter by security researcher Dominic Alvieri, appeared to show folders bearing the names of a range of global businesses: among them were delivery and logistics company DHL, US cable network C-Span, and French bank BNP Paribas.
Mar 24, 2022
City of London Police have arrested seven teenagers due to their suspected connections with a hacking group that is believed to be the recently prolific Lapsus$ group, BBC News reports.
“The City of London Police has been conducting an investigation with its partners into members of a hacking group,” Detective Inspector Michael O’Sullivan of the City of London Police said in a statement to The Verge. “Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation. Our enquiries remain ongoing.”
Mar 23, 2022
In recent weeks, the Lapsus$ hacking group has taken credit for accessing company data from Nvidia, Samsung, Ubisoft, Okta, and even Microsoft, and according to a new Bloomberg report, an England-based teenager might be the person heading up the operation.
“Four researchers investigating the hacking group Lapsus$, on behalf of companies that were attacked, said they believe the teenager is the mastermind,” Bloomberg said. However, the teenager, who apparently uses the online aliases “White” and “breachbase,” has not been accused by law enforcement, and the researchers “haven’t been able to conclusively tie him to every hack Lapsus$ has claimed,” Bloomberg said.
Mar 23, 2022
After the disclosure of a hack affecting its authentication platform, Okta has maintained that the effects of the breach were mostly contained by security protocols and reiterated that users of the service do not need to take corrective action as a result.
The statements were made by David Bradbury, chief security officer at Okta, in a video call with customers and press Wednesday morning.
The hacking group Lapsus$, known for claiming to have hacked Nvidia, Samsung, and more, this week claimed it has even hacked Microsoft. The group posted a file that it claimed contains partial source code for Bing and Cortana in an archive holding nearly 37GB of data.
On Tuesday evening, after investigating, Microsoft confirmed the group that it calls DEV-0537 compromised “a single account” and stole parts of source code for some of its products. A blog post on its security site says Microsoft investigators have been tracking the Lapsus$ group for weeks, and details some of the methods they’ve used to compromise victims’ systems. According to the Microsoft Threat Intelligence Center (MSTIC), “the objective of DEV-0537 actors is to gain elevated access through stolen credentials that enable data theft and destructive attacks against a targeted organization, often resulting in extortion. Tactics and objectives indicate this is a cybercriminal actor motivated by theft and destruction.”
Okta, an authentication company used by thousands of organizations around the world, has now confirmed an attacker had access to one of its employees’ laptops for five days in January 2022 and that around 2.5 percent of its customers may have been affected — but maintains its service “has not been breached and remains fully operational.”
The disclosure comes as hacking group Lapsus$ has posted screenshots to its Telegram channel claiming to be of Okta’s internal systems, including one that appears to show Okta’s Slack channels, and another with a Cloudflare interface.
Mar 12, 2022
Ubisoft says it experienced a ‘cyber security incident’, and the purported Nvidia hackers are taking credit
Ubisoft experienced a “cyber security incident” last week that temporarily disrupted some games, systems, and services, the company reported Thursday. Ubisoft hasn’t said who might be responsible, but on Friday evening, the group who purportedly hacked Nvidia took credit.
Ubisoft said it believes that “at this time there is no evidence any player personal information was accessed or exposed as a by-product of this incident” and says that games and services are now “functioning normally.” Out of caution, the company also “initiated a company-wide password reset.” When asked for comment, Ubisoft spokesperson Jessica Roache said the company had no additional details to share.
Mar 7, 2022
Hackers have successfully stolen internal company data and source code for Galaxy devices from Samsung, the South Korean tech giant confirmed today.
News of the breach was first reported earlier this month, with a hacking outfit named Lapsus$ claiming responsibility. The group, which recently hacked Nvidia, shared screenshots purportedly showing roughly 200GB of stolen data, including source code used by Samsung for encryption and biometric unlocking functions on Galaxy hardware.
Mar 4, 2022
Nvidia never denied that it got hacked. The GPU giant just didn’t say all that much about what happened, either.
But now — as we wait to see whether the hackers make good on their threat to dump hundreds of gigabytes of proprietary Nvidia data on the web, including details about future graphics chips, by an unspecified Friday deadline — the compromised email alert website Have I Been Pwned suggests that the scope of the hack includes a staggering 71,000 employee emails and hashes that may have allowed the hackers to crack their passwords (via TechCrunch).
Mar 2, 2022
Nvidia has confirmed that it was hacked — and that the actor behind last week’s “incident” is leaking employee credentials and proprietary information onto the internet. In a statement to PCMag, Bloomberg, and VideoCardz, the company says it became aware of the breach on February 23rd, and that it does “not anticipate any disruption to [its] business or our ability to serve our customers as a result of the incident.”
Hacking group Lapsus$ has claimed responsibility for the attack, and has demanded that Nvidia make its drivers open-source if it doesn’t want more data leaked. Nvidia hasn’t necessarily agreed to those demands; the company says it’s made improvements to its security, notified law enforcement, and is working with cybersecurity experts to respond to the attack.
Feb 26, 2022
Nvidia is confirming to The Verge, Bloomberg, Reuters, and others that it’s investigating an “incident” — hours after The Telegraph reported that the graphics chipmaking giant had experienced a devastating cyberattack that “completely compromised” the company’s internal systems over the past two days.
“We are investigating an incident. Our business and commercial activities continue uninterrupted. We are still working to evaluate the nature and scope of the event and don’t have any additional information to share at this time,” reads a statement via Nvidia spokesman Hector Marinez.