LAPSUS$ Teenagers Arrested in Alleged Hack of Microsoft and Okta




Photo: Ramon Costa/SOPA Images/LightRocket (Getty Images)

Police in London have arrested seven young people between the ages of 16 and 21 for allegedly hacking Microsoft and Okta under the hacker group name LAPSUS$. All seven people have been released and none have been formally charged with a crime. At least not yet.

“The City of London Police has been conducting an investigation with its partners into members of a hacking group,” Detective Inspector Michael O’Sullivan of the City of London Police told Gizmodo in an emailed statement early Friday.

“Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation. Our enquiries remain ongoing,” O’Sullivan continued.

The LAPSUS$ hacking group recently took credit for hacking Microsoft, posting source code to Cortana and Bing. And earlier this week the same group boasted on its Telegram channel that it had infiltrated Okta, a claim that was partially true but wildly inflated.

In reality, a subcontractor for Okta had been hacked in January, giving the LAPSUS$ hackers temporary access to some sensitive portals within the authentication company.

From Okta’s post mortem explanation of the hack:

The scenario here is analogous to walking away from your computer at a coffee shop, whereby a stranger has (virtually in this case) sat down at your machine and is using the mouse and keyboard. So while the attacker never gained access to the Okta service via account takeover, a machine that was logged into Okta was compromised and they were able to obtain screenshots and control the machine through the RDP session.

If the LAPSUS$ hacking group really does turn out to be the work of some teens it would confirm suspicions that whoever was infiltrating these companies was inexperienced and amateur. For one thing, ransomware hackers typically encrypt large amounts of sensitive data, demanding payment before unlocking the data for the company. In the case of LAPSUS$, the hackers have dealt in a more direct route of extortion, stealing data but not depriving the company of it through encryption. The LAPSUS$ hackers then would demand money or they would leak the data publicly.

Did the London Police nab the right hackers? Only time will tell. And right now we don’t have a lot of information about who they’ve actually grabbed off the street.