Lapsus$ and how this organization has put technology giants in check

International investigators are working on the hypothesis that Lapsus$, the organization behind the hacking of large companies such as Microsoft, NVIDIA or Ubisoft, is made up of minors.


For a few months now, a group of cybercriminals called Lapsus$ has made news on the internet, attacking renowned companies such as Microsoft, NVIDIA, Qualcomm or Ubisoft almost for “fun”.

The group, however, stands out not only for being the terror of the technological giants, but also for characteristics that are very unusual in this type of crime: its leaders, according to international police officers, are minors and many of them live in Latin America.

Lapsus$: its history

Lapsus$'s criminal history is long and compromising.

The strongest attack was against NVIDIA, where the group is said to have held hostage the development code for future technologies of the RTX 3090 Ti graphics card or for well-known video game features such as DLSS. On that occasion, curiously, they did not request money in exchange for the data, but rather that the company unlock the capacity of its graphics cards to mine cryptocurrencies.

Another particularly striking case is the attack on Samsung, where 190GB of confidential information about its technologies, such as encryption algorithms, was stolen.

But we are also talking about companies with an almost intrinsic presence in our region, such as Mercado Libre, where the company itself confirmed the breach of the accounts of more than 300,000 users and of its Mercado Pago mechanism.

This has led investigators to believe that the leaders reside in Latin America, in countries like Brazil, and indeed to capture some of them.

The first attack by Lapsus$ seems to confirm the theory: in 2020, they leaked more than 50TB of data on people vaccinated in the register of the Brazilian Ministry of Health. Subsequently, its attacks targeted Portuguese-speaking organizations such as Impresa or Claro.

“Cybercrime is a global problem with actors from all over the world; this includes Latin America and it is expected to increase in the short term,” says Nick Biasini, Head of Outreach, Cisco Talos. Cisco Talos is one of the largest commercial threat intelligence teams in the world, comprised of top-tier researchers, analysts, and engineers.

“According to ESET telemetry, globally during 2021 around 450,000 new unique malware samples were registered daily on average, compared to the average of 300,000 registered daily during 2020. This shows us a significant increase in the number of threats developed; not only is an increase in quantity perceived, but also an increase in complexity and diversity,” says Miguel Ángel Mendoza, Security Researcher at ESET Latin America. “In particular, this panorama is presented in Latin America, where computer threats have also shown an upward trend in recent years, particularly since the declaration of the pandemic and generalized confinements.”

Members of this organization may not even have reached the age of majority. Theories about its leaders vary, starting with the Bloomberg report in which four cybersecurity experts investigating the group on behalf of the attacked companies were convinced that a 16-year-old teenager who lives with his mother near Oxford (England) is the brains behind Lapsus$.

However, they also suspected that another teenager based in Brazil was involved in the group. And although geographically they were separated by hundreds of kilometers, the internet made it easier for them to coordinate their attacks.

“Usually we see younger people involved in cybercrime, not necessarily minors, but it is generally a younger demographic that is doing cybercrime,” Biasini says.

“Within the range of cybercriminal possibilities, there are different profiles that range from the youngest to very experienced people, or from people who operate independently and individually, to very well organized groups with different skills and knowledge,” Mendoza reports.

More is known about the young Englishman. The teenager’s father told the BBC that his family is concerned and that they are trying to keep him away from computers. The teen reportedly operated online under the moniker “White” or “Breachbase.”

“Seven people between the ages of 16 and 21 have been arrested in connection with an investigation into a group of hackers. All have been released under investigation. Our investigations are still ongoing,” said the London police in response to the publicity around the case.

How to avoid these attacks?

The experts consulted agree that it is impossible to close all the fronts to prevent these cyberattacks, but it is possible to close gaps to minimize the risks.

“Preventing cyberattacks involves a huge commitment that includes many different aspects, most notably a defense-in-depth approach, including the deployment of defensive technologies along with user education on the threats posed and proper security practices,” Nick Biasini concludes.

“Computer threats and cyberattacks have increased in number, complexity and diversity, a situation that is accentuated by today’s greater digital dependency. Therefore, cybersecurity becomes more relevant for users, organizations from all sectors and even governments,” mentions Miguel Ángel Mendoza. “In this context, it is necessary to understand that cybersecurity, in addition to being based on technology, must also have other pillars that range from regulations to operational and management aspects. For this reason, it is essential to have the necessary processes, personnel and technology to deal with threats and attacks.”