The Lapsu$ hacking group has made quite a splash in the recent weeks as it has managed to infiltrate and steal confidential information from corporate networks belonging to Microsoft, Nvidia, and Samsung. Researchers investigating the attacks believe that the group was led by a 16-year-old from England, who was assisted by another teenager from Brazil, which might explain why the group did not behave like other contemporary hackers.
Four investigators looking into Lapsu$ on behalf of attacked companies suspect that the mastermind of the group is a 16-year-old who lives with his mother in Oxford, England, reports Bloomberg. Another member of the group is a teenager from Brazil, who is said to be so capable of hacking that investigators at first believed that the activity they were witnessing was automated. So far, law enforcers have not formally charged the suspects with any wrongdoing. The group includes at least seven members.
Like other hacking groups seeking profits, Lapsu$ intrudes corporate networks of companies, steal confidential data, and then demand ransom for not releasing it. But in addition to profits, notoriety is another motive that drives the group, some experts believe. Furthermore, the group has poor operational security, which means that they themselves can be hacked, according to Microsoft, which calls the group DEV-0537.
"Unlike most activity groups that stay under the radar, DEV-0537 doesn't seem to cover its tracks," a Microsoft blog post reads. "They go as far as announcing their attacks on social media or advertising their intent to buy credentials from employees of target organizations. DEV-0537 also uses several tactics that are less frequently used by other threat actors tracked by Microsoft. […] DEV-0537 focused their social engineering efforts to gather knowledge about their target's business operations. Such information includes knowledge about employees, team structures, help desks, crisis response workflows, and supply chain relationships. Examples of these […] tactics include spamming a target user with multifactor authentication (MFA) prompts and calling the organization's help desk to reset a target's credentials."
Given the way Lapsu$ operates, it is evident that the organization is rather large and includes members with different skillsets. Assuming that we are indeed dealing with a large organization, we can only wonder whether it could indeed be led by a teenager.
Assuming that the researchers have correctly identified members of the group and its leader, it will only be a question of time before it is cracked. However, hacking groups using similar tactics, techniques, and procedures will likely emerge in the future.
Microsoft believes that fighting hacking groups like Lapsu$ involves not only usual cybersecurity methods, but also things like insider risk programs. As a result, Microsoft not only recommends implementing more robust security methods, but reviewing things like help desk policies, educating employees, and recommending members of technical teams to report any unusual contacts with colleagues.