A London jury has discovered that an 18-year-old member of the Lapsus$ knowledge extortion gang helped hack a number of high-profile firms, stole knowledge from them, and demanded a ransom threatening to leak the knowledge.

Believed to be one of many leaders of the group, Arion Kurtaj, from Oxford, England, was arrested twice in 2022, first in January after which once more in March, in reference to Lapsus$ hacking exercise.

He’s on trial for breaching fintech firm Revolut, ride-sharing service Uber, and recreation developer Rockstar Video games.

Excessive-profile organizations impacted by Lapsus$ additionally embody Microsoft, Cisco, Okta, Nvidia, T-Cell, Samsung, Vodafone, Ubisoft, 2K, and Globant.

Leaking knowledge whereas on bail

Kurtaj is autistic and was not deemed match to be in court docket. Nonetheless, a jury was requested to find out if he was accountable for the alleged hacking exercise, disregarding felony intent.

{The teenager} is believed to have breached the Metropolis of London Police cloud storage after he was arrested in reference to the assault on cellular operator EE.

It’s alleged that after that with the assistance of some Lapsus$ members, Kurtaj focused Revolut, Uber, and Rockstar Video games, demanding thousands and thousands of U.S. {dollars} in ransoms.

Utilizing the deal with ‘teapotuberhacker’ and whereas on bail at a lodge, Kurtaj leaked gameplay movies from the unreleased Grand Theft Auto 6, obtained after breaching the sport developer’s Slack server and Confluence wiki.

Kurtaj used greater than a dozen on-line names, White and Breachbase amongst them, and is believed to have made greater than 300 BTC from his hacking exercise, SIM-swapping included.

Many of the cash was misplaced to playing or hackers that breached White’s laptop, allegedly twice.

Kurtaj just isn’t the one teenager on trial for Lapsus$-related hacking exercise. One other member of the gang, a 17-year-old additionally affected by autism, has been convicted for breaching firms as nicely.

Regardless of being a loosely organized group of principally youngsters, Lapsus$ managed to breach organizations with a powerful sense of safety.

Expert actors nonetheless get caught 

A current report from the U.S. authorities notes that the gang used low-cost methods to disclose “weak factors in our cyber infrastructure.”

The members of the group took SIM-swapping to the following degree by paying $20,000 every week for entry to a telecommunication supplier’s platform, which allowed them to hijack focused cellphone numbers and acquire one-time passcodes to varied accounts.

Lapsus$ exercise unfold from 2021 to 2022 and concerned people from the U.Okay. and Brazil who used social engineering and hacking methods of varied complexity to breach firms for fame, monetary recreation, and enjoyable.

Final 12 months in September Lapsus$ exercise died, as regulation enforcement began arresting a number of members of the group: a number of people within the U.Okay. [1, 2] and one other one in Brazil.