Lapsus$, which is seen as the most active threat group of recent weeks seen as responsible for attacks like Okta, Samsung, Nvidia and others. Before announcing the Okta breach, Lapsus$ also had threatened to breach Microsoft.
At the beginning of the week, Bloomberg reported that the leader of the group may be a 16-year-old English teenager.
After all these events, City of London police have arrested seven teenagers aged 16 to 21 accused of being members of the Lapsus$ group.
According to the BBC, the City of London Police have arrested seven alleged Lapsus$ members, but the leader of the group is among them has not been specified. At the time of the investigation, all of them were released. The investigation continues.
“He never said anything about any hacking, but he is good with computers and spends a lot of time on them. I always thought he was playing games. We intend to limit him from computers,” the father of aforementioned boy admitted.
Lapsus$ deploys several tactics to compromise systems that other threat actors use less frequently.
“Their tactics include phone-based social engineering; SIM-swapping to facilitate account takeover; accessing personal email accounts of employees at target organizations; paying employees, suppliers, or business partners of target organizations for access to credentials and multi factor authentication (MFA) approval; and intruding in the ongoing crisis-communication calls of their targets,” said Microsoft in their blog about tactics and techniques of Lapsus$.
Lapsus$ also prefer to use Telegram for their announcements instead of forums in Dark Web or social media. Lastly, the group announced on Telegram that they will be on vacation until 30th of March, just after Okta breach.
Meanwhile, the group announced a new member as new chat moderator on Telegram today.