View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
March 24, 2022updated 12 Jul 2022 5:08am

UK police arrest seven teenagers in connection to Lapsus$

Arrests follow the reported outing of a British 16-year-old as the group's mastermind.

By Pete Swabey

The City of London police force has revealed the arrest of seven teenagers in connection to the hacking group Lapsus$ that has successfully breached tech companies including Microsoft, Samsung and Nvidia in recent weeks, the BBC has reported.

The news comes after a 16-year-old boy was accused of being the mastermind behind the group by researchers and other hackers, as first reported by Bloomberg.

Lapsus$ arrest
The City of London Police has not confirmed whether the arrested youths include the 16-year-old accused of being Lapsus$’s mastermind. (Photo by HieronymusUkkel)

Cybersecurity research teams at Unit 221B and Palo Alto have been tracking the individual since the middle of last year, Allison Nixon, Unit 221B’s chief research officer told the BBC. They had “watched him on his exploits throughout 2021, periodically sending law enforcement a heads-up about the latest crimes”.

Police have not confirmed whether the individual is among the seven arrested today.

Lapsus$ had confused cybersecurity experts with its combination of sophistication and naivety. Although apparently adept at recruiting insiders and stealing credentials, the group is “notoriously brazen about its activities and has previously announced its plans for insiders at specified companies,” Chris Morgan, senior threat intelligence analyst at Digital Shadows, told Tech Monitor yesterday.

This public visibility put the group at risk of arrest, said a security researcher speaking on the condition of anonymity. “They’re not thinking about the consequences that maybe a more experienced cybercrime actor would be wary of,” they said.

This behaviour led researchers to compare Lapsus$ to the hacktivist groups of the 2010s. “Lapsus$ do not necessarily represent a new threat, but a re-emergence of the days of Anonymous and Lulzsec from the mid-2010s, where hacking was used more for notoriety and political statements than financial gain,” said Toby Lewis, global head of threat analysis at Darktrace. 

Content from our partners
<strong>Powering AI’s potential: turning promise into reality</strong>
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline

A number of British teenagers were arrested in connection to Lulzsec, whose victims include the PlayStation Network.

Last year, Tech Monitor documented the return of the hacktivists. Experts described a new generation of hackers who had been radicalised by the Black Lives Matter protest movement and who targeted online services connected to the ‘alt-right’.

Since then, the war in Ukraine has attracted a new wave of ‘cyber partisans’, volunteer hackers lending support to either side of the conflict. Earlier today, Anonymous claimed it had hacked the Central Bank of Russia.

Read more: The biggest cryptocurrency hacks of all time

Topics in this article : ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.