Cybersecurity researchers trace Lapsus$ attacks to a teenager from England

They believe he's the mastermind behind the hacks.

Sergey Shulgin via Getty Images

A hacking group calling itself Lapsus$ recently made waves by releasing sources codes it claimed to have stolen from Microsoft and Okta. Now, cybersecurity researchers investigating the attacks have traced them to a 16-year-old living with his mother near Oxford, England, according to Bloomberg. While the researchers have identified seven accounts associated with the hacking group — including one traced to another teenager in Brazil — they believe the teenager from England is the mastermind and is behind some of the major Lapsus$ hacks. However, they weren't able to connect the teen to all the attacks the group carried out.

The researchers looked at forensic evidence from the hacks, as well as public information to determine that the teen was indeed involved. Apparently, rival hackers posted the teenager's details online, including his address and information about his parents. Bloomberg didn't release the teen's personal information and only mentioned that he goes by the aliases "White" and "breachbase." White is reportedly so skilled at hacking and so fast at what he does that researchers previously thought the attacks were automated.

Some cybersecurity researchers believe that the group is motivated by not just money, but also notoriety, seeing as the actor doesn't cover its tracks. As Microsoft detailed in its investigation of the Lapsus$ attacks, the group even announces its hacks on social media and publicly posts calls for employees willing to sell their company logins. The bad actor also joins targets' communications channels, such as their Zoom calls, to taunt the people responding to their attacks.

Microsoft said the group started by targeting organizations in United Kingdom and South America, but that it has since expanded to target entities around the world, including government agencies, telecoms, and companies in the health sector. Both Microsoft and Okta admitted that they suffered a security breach, but both claim limited impact from the attacks.