Seven people have been arrested in connection with Lapsus$ hacks

The City of London Police force has arrested seven people in connection with the Lapsus$ hacking group.

The hacking collective, which may be based in South America, is thought to be responsible for a series of cyber-attacks against major technology companies including Nvidia, Microsoft, Ubisoft, Samsung and Vodaphone.

A 16-year-old from Oxford, who is suspected of being one of the group’s leaders is alleged to have accumulated some $14 million (£10.6m) from cyber crime.

The teenager’s personal information, including his address, was reportedly posted online by fellow hackers this week, although City of London Police didn’t confirm if he was one of those arrested.

“Seven people between the ages of 16 and 21 have been arrested in connection with an investigation into a hacking group,” the force said. “They have all been released under investigation. Our inquiries remain ongoing.”

The father of the boy, who is autistic and attends a special educational school, told the BBC he was unaware of the situation until recently.

“He’s never talked about any hacking, but he is very good on computers and spends a lot of time on the computer. I always thought he was playing games,” he said.

“We’re going to try to stop him from going on computers.”

Security researchers investigating the attacks claim to have been following the teenager since last year after he made mistakes in covering his tracks.

His identity, which can’t be published for legal reasons, was outed on a hacker website this week following what appears to be a falling out with former associates.

“After a few years his net worth accumulated to well over 300BTC [close to $14m]… [he is now] affiliated with a wannabe ransomware group known as ‘Lapsus$’, who has been extorting & ‘hacking’ several organisations,” fellow hackers claimed.

Related

2

Microsoft confirms it’s been hacked by the same group that targeted Nvidia, Samsung

This is the latest in a string of attacks by the group

Earlier this month, Lapsus$ claimed responsibility for a cyber attack on Nvidia, which may have included the theft of source code for the company’s DLSS technology.

Shortly after, the group claimed to be behind an attack on Samsung which saw a significant amount of data stolen, including algorithms for biometric tech the company uses across its products.

On March 10, Ubisoft announced it had suffered a cyber security incident too. And on Wednesday, Microsoft confirmed partial source code for Bing and Cortana had been stolen following an attack.