From launching a few destructive attacks only a few months ago, the Lapsus$ Group has grown to steal and publish source code from several top-tier technology companies.

Although Lapsus$ is sometimes called a ransomware group, it doesn’t deploy ransomware in its extortion attempts.

Today’s threat actors use ransomware to extort victims for decryption keys to encrypt data and systems, sometimes turning the pressure up by threatening to publish stolen data.

However, the approach of Lapsus$ appears to be unusual – the group’s main goal is notoriety rather than financial gain.

What Is The Lapsus$ Group?

Hackers affiliated with the LAPSUS$ group have been the most prolific threat to cybersecurity in 2022, with a number of high-profile businesses admitting breaches.

In just three months, Nvidia, LG, Microsoft, and Okta have fallen victim to LAPSUS$. Until late March, very little was known about the group.

When it comes to analyzing LAPSUS$, the biggest uncertainty is identifying who is behind the cybercriminal organization. According to security expert Marcus Hutchins, observers are perplexed by the group that appears both competent and incompetent at the same time.

On the one hand, it has taken down a number of high-profile targets that even the most experienced cybercriminals would be proud to hang from their mantle. The group also shows a gung-ho attitude toward operational security. Instead of hiding in the shadows, it advertises its activity via a public Telegram channel. It offers members a way to vote on which company’s data is next to be exposed.

Who Is behind Lapsus$ Group?

As reported by Bloomberg, the entire operation is being led by a 16-year-old from Oxfordshire, UK, with other members in the UK and Brazil.

The City of London Police declined to confirm if the 16-year-old was among the seven arrested in connection with the LAPSUS$ group on 24 March. The seven people arrested ranged in age from 16 to 21; all were released, but investigations are ongoing.