**Teenagers Aged 16 to 21 Arrested in Microsoft Hack Investigation**
Teenagers aged 16 to 21, believed to be members of the hacking group Lapsus$, have been arrested for investigation.
"London police are conducting an investigation into members of a hacking group," said Inspector Michael O'Sullivan of the Metropolitan Police. "Seven individuals aged 16-21 have been arrested but are out on bail with conditions."
According to O'Sullivan, these seven teenagers are suspected of being involved with Lapsus$, a hacking group that recently targeted major tech companies such as Nvidia, Samsung, Ubisoft, Okta, and Microsoft.
Lapsus$ members are reported to be a group of teenage hackers. Photo: Bullfrag
On March 23, Bloomberg reported that a 16-year-old from Oxford might be a key figure in many of Lapsus$' attacks. The London police declined to confirm whether this individual was among those recently arrested.
BBC News spoke with the father of one teenager believed to be a member of the hacking group, but he said he was unaware of his son's involvement. "The boy is good with computers and spends a lot of time on them; I think he’s just playing games. I haven’t heard anything about the hacking incidents," he said.
Bloomberg also visited the hacker's residence in Oxford. The boy’s mother spoke briefly with a reporter through the doorbell system. She confirmed she was unaware of her son’s activities and stated that the investigation is a matter for law enforcement.
Four cybersecurity experts hired by companies to investigate previously noted that despite their youth, the teenage hackers in Lapsus$ displayed highly professional attack skills, leading experts to initially believe the process was automated.
According to Bleeping Computer, Lapsus$ primarily aims to extort money. Unlike hackers using ransomware to encrypt data and demand ransom, this group often exploits vulnerabilities in the victim company’s staff, targeting employee accounts or paying insiders for access. They then steal proprietary data and demand millions in exchange for its return.
Lapsus$ operates differently from typical ransomware gangs, openly mocking victims or leaking source code and internal documents. In Nvidia’s case, after failing to extort money, Lapsus$ demanded the company unlock cryptocurrency mining features on its graphics cards. With Microsoft, the group publicly leaked the source code of several projects.
Bảo Lâm (via The Verge)
