As we’ve previously reported, the Lapsus$ hacking gang has been wreaking havoc on many major corporations around the world, such as Samsung, Ubisoft, Okta and Microsoft. According to a new Bloomberg report, it appears as though an England-based teenager might be in charge of the operation. Previously, researchers believed that the attackers were based solely in South America.

“Four researchers investigating the hacking group Lapsus$, on behalf of companies that were attacked, said they believe the teenager is the mastermind,” Bloomberg said. However, the teenager, who apparently uses the aliases “White” and “breachbase,” has not been accused by law enforcement of the attacks. Additionally, researchers “haven’t been able to conclusively tie him to every hack Lapsus$ has claimed,” Bloomberg revealed.

Researchers believe the teenager is based about five miles outside of Oxford University, and Bloomberg says it was able to speak to his mother for ten minutes through a “doorbell intercom system” at home. The teen’s mother told Bloomberg that she was not aware of the allegations against him. “She declined to discuss her son in any way or make him available for an interview, and said the issue was a matter for law enforcement and that she was contacting the police,” Bloomberg said.

Lapsus$ apparently doesn’t just consist of the English-based teen, though. Bloomberg further reports that another suspected member of the hacking group is a teenager located in Brazil, and that seven unique accounts have been linked to the group. One member is presumed to be such a capable hacker that researchers thought the work was automated.

According to Brian Krebs, a cybersecurity expert, a core member of Lapsus$ who may have used the alias “Oklaqq” or “WhiteDoxbin,” also purchased Doxbin – a website where people can post or search for personal information of others for the purpose of doxing. This attacker known as “WhiteDoxbin” apparently wasn’t the best admin and sold the site back to the original owner, but not before leaking “the entire Doxbin data set,” which led to the Doxbin community doxing WhiteDoxbin, “including videos supposedly shot at night outside his home in the United Kingdom,” Krebs reports.

Krebs also reported that this person may have been behind the EA data breach that took place last year. The connection to this was the name “breachbase.”

Krebs reported, “Back in May 2021, WhiteDoxbin’s Telegram ID was used to create an account on a Telegram-based service for launching distributed denial-of-service (DDoS) attacks, where they introduced themself as “@breachbase.” News of EA’s hack last year was first posted to the cybercriminal underground by the user “Breachbase” on the English-language hacker community RaidForums, which was recently seized by the FBI.”

The whole picture on Lapsus$ is still a little blurry, but as more is discovered, we will report on it.

Story via The Verge