When a global company like Samsung, Microsoft, or Nvidia has its data stolen, images of clandestine operatives hammering away at keyboards in a darkened room come to mind. Individuals capable of such actions must be well-trained and possibly even state-funded.
As a mad Titan once said, “Reality is often disappointing.” It turns out the mastermind behind the recent Microsoft data breach, might just be a UK teenager living with his mother.
Hacking Microsoft as an extramural activity
According to a Bloomberg report, security researchers investigating the recent string of high-profile hacks said they managed to trace the attacks, in part, to a sixteen-year-old English teenager. The report does not name the minor and UK law enforcement has made no public accusation against him at this point in time.
The teen is believed to be the mastermind behind a few of the major attacks, including the recent Microsoft breach. The group managed to access an internal Microsoft Azure DevOps server. Here they lifted around 37GB of source code from projects like Microsoft Bing and Cortana.
The teen was so quick and efficient that it was first believed his actions were automated, according to investigating researchers. The teenager may be one of several responsible for the intrusions. Another teenager, based in Brazil, may also be involved.
The group, which calls itself Lapsus$, appears to be driven by a desire for monetary gain and notoriety. It appears to enjoy that last a little too much. It has an active Telegram account with 33,000 subscribers on its main channel. Here it posts screenshots of recently lifted data, announcements of new leaks, attacks, and calls to buy access to companies. It also uses it to interact with its ‘fanbase’.
What’s that about poking bears?
This may be what researchers meant when they told Bloomberg the group doesn’t have very good operational security practices. Members of the group went as far as to join Zoom calls of the companies they’ve hacked to taunt employees.
While it might be pleasant for the group to bask in the publicity and notoriety it’s receiving, we don’t think they were paying attention to the story of Icarus. The moral of which is, if you’re too ambitious you may be felled by your own hubris. The group’s time in the spotlight may soon come to an abrupt end.