In recent weeks, the hacking group Lapsus$ has been credited with accessing corporate data from Nvidia, Samsung, Ubisoft, Okta and even Microsoft, and according to a new Bloomberg report, a teenager living in England could be the person directing the operation.
“Four researchers investigating the hacking group Lapsus$, on behalf of companies that were attacked, said they believe the teen is the brain,” Bloomberg said. However, the teen, who apparently uses the online aliases “White” and “breachbase,” has not been charged by law enforcement, and investigators “have not been able to definitively link him to every hack Lapsus$ has claimed,” Bloomberg said.
The teen apparently lives about five miles outside Oxford University, and… Bloomberg says it was able to talk to his mother for ten minutes via a “doorbell intercom system” at the home. The teen’s mother told the publication that she was not aware of any allegations against him. “She declined to talk about her son in any way or make him available for an interview, saying the matter was a matter for law enforcement and she was contacting the police,” Bloomberg said.
Apparently Lapsus$ doesn’t consist only of the teenager living in England. Bloomberg reports that another suspected member is a teen in Brazil and that seven unique accounts are associated with the group. One of the members is apparently such a capable hacker that researchers believed the work was automated, a person involved in research about the group told Bloomberg.
According to cybersecurity expert Brian Krebs, a core member of Lapsus$, who may have used the aliases “Oklaqq” and “WhiteDoxbin”, also purchased Doxbin, a website where people can post or search for other people’s personal information for doxing purposes. This WhiteDoxbin person apparently wasn’t the best admin and had to sell the site back to its previous owner, but leaked “the full Doxbin dataset”, leading the Doxbin community to dox WhiteDoxbin, “including videos supposedly taken at night outside his home in the UK,” Krebs reported.
Krebs also reports that this person may be behind the EA data breach that took place last year. What can connect the person in Bloomberg’s and Krebs’ reports is the name ‘breachbase’.
In May 2021, WhiteDoxbin’s Telegram ID was used to create an account on a Telegram-based service for launching distributed denial-of-service (DDoS) attacks, where they introduced themselves as “@breachbase.” The news of EA’s hack last year was first posted in the cybercrime underground by the user “Breachbase” on the English-language hacker community RaidForums, which was recently seized by the FBI.