The City of London Police has been investigating members of a hacking organisation. Two juveniles, ages 16 and 17, have been charged in connection with this investigation and are being held in police custody. They were arrested last week on suspicion of having ties to the LAPSUS$ data extortion ring.
According to the BBC, the two appeared in Highbury Corner Magistrates Court on Friday and were released on bail. Because both defendants are minors, UK officials did not release any information about their identities. The Federal Bureau of Investigation (FBI) in the United States has indicated that it is looking for information on the whereabouts of the Lapsus$ gang.
Ongoing Investigation
On March 25, the City of London Police arrested seven accused LAPSUS$ gang members ranging in age from 16 to 21. According to the agency’s statement to news reporters, all of the individuals were later freed under investigation.
However, the arrests have yet to have an impact on the cartel’s operations. On March 30, the data extortion ring returned from a “holiday” to release 70GB of data belonging to software services firm Globant. The Luxembourg-based company said it is “doing an extensive investigation” and is “taking strict measures to prevent such incidents.”
About The LAPSUS$ Group
LAPSUS$ is a relative newcomer to the crowded field of digital extortion. They astounded and perplexed cyber-security professionals with their combination of immature pranks and high-level access to some of the world’s largest corporations. LAPSUS$ has garnered a reputation for their hacking binge in a few of months. This is the result of their involvement in a number of high-profile cyberattacks.
LAPSUS$ group has a Telegram channel that has around 58,000 subscribers. They stole and published source code from a number of top-tier IT companies on their channel. The organization acquires initial access to the victims’ networks through social engineering, employee account hacking, and SIM swapping.
The gang steals data deemed important after breaking into the networks of target companies. They frequently steal source code as well. Then they try to blackmail the victim by threatening to publish the information online. Lapsus$ makes no use of file-encrypting malware. The hacker organisation has targeted companies such as Microsoft Corp. and Okta Inc., an authentication services provider used by thousands of large corporations.
Endnote
A City of London police spokesperson refuses to confirm or deny that the youths were charged in connection with the Lapsus$ probe.
