In a house in Oxford, England, a 16-year-old living with his mother has been wreaking havoc on the other side of the world. Believed to be a male, he’s hacked victims from Microsoft Corp. to Okta Inc. and blazed a trail of mayhem along the way.
His apparent youth isn’t the only thing that sets this operator apart from better-known ransomware gangs like Conti and Revil. His outfit, dubbed Lapsus$, "is known for using a pure extortion and destruction model without deploying ransomware payloads,” Microsoft noted in a blog post this week. The U.S. software company uses the designation DEV-053 to track the group.
According to Bloomberg News, four researchers investigating Lapsus$ believe they’ve identified this kid as the mastermind of the group. Another member is suspected to be a teenager living in Brazil. At the time of writing, the researchers haven’t been able to conclusively link the teen in England to each of the attacks claimed by Lapsus$, and there’s been no public accusation by law enforcement of any wrongdoing, the report notes.