In recent weeks, hacking group Lapsus$ has made a name for itself by accessing company data from Nvidia, Samsung, Ubisoft, Okta and even Microsoft, and, according to a new Bloomberg report, an England-based teenager could be the person who directs the operation.
“Four researchers working on behalf of companies under attack to investigate hacking group Lapsus$ said they believe the teenager is the mastermind,” Bloomberg said. However, the teenager, who appears to be using the online aliases “White” and “breachbase,” has not been charged by law enforcement, and researchers “were unable to conclusively link him to every hack Lapsus$ has alleged,” Bloomberg said.
The teenager appears to live about five miles outside of Oxford University, and Bloomberg says it was able to speak to his mother for 10 minutes over a “doorbell intercom” inside the house. The teen’s mother told the publication she was unaware of any allegations against him. “She declined to discuss her son in any way or make him available for an interview, saying the issue was a law enforcement matter and she was contacting the police,” Bloomberg said.
However, Lapsus$ does not consist only of the teenager living in England. Bloomberg reports that another alleged member is a teenager in Brazil and that seven unique accounts have been linked to the group. One of the members appears to be such a skilled hacker that researchers thought the work was automated, a person involved in researching the group told Bloomberg.
According to cybersecurity expert Brian Krebs, a core member of Lapsus$, who may have used the aliases “Oklaqq” and “WhiteDoxbin,” also bought Doxbin, a website that allows people to post or search for personal information of others for the purpose of doxing. This WhiteDoxbin person apparently wasn’t the best admin and had to sell the site back to its previous owner, but leaked “the entire Doxbin record,” resulting in the Doxbin community doxing WhiteDoxbin, “including videos that allegedly were filmed at night in front of his home in the UK,” said Krebs.
Krebs also reports that this person may be behind the EA data breach that took place last year. What might connect the person in the Bloomberg and Krebs reports is the name “Breachbase.”
From Krebs:
Back in May 2021, WhiteDoxbin’s Telegram ID was used to create an account with a Telegram-based service for launching DDoS (Distributed Denial-of-Service) attacks, where they identified themselves as “@breachbase.” News of EA’s hack last year was first posted to the cybercriminal underground by user Breachbase in the English-language hacking community RaidForums, recently confiscated by the FBI.
The big picture around Lapsus$ is still unclear, but I urge you to read the Bloomberg and Krebs reports to learn more about what’s going on.