16 year old wreaks havoc on Microsoft Corp, Okta

tech.hindustantimes.com:

In a house in Oxford, England, a 16-year-old living with his mother has been wreaking havoc on the other side of the world. Believed to be a male, he’s hacked victims from Microsoft Corp. to Okta Inc. and blazed a trail of mayhem along the way. His apparent youth isn’t the only thing that sets this operator apart from better-known ransomware gangs like Conti and Revil. His outfit, dubbed Lapsus$, “is known for using a pure extortion and destruction model without deploying ransomware payloads,” Microsoft noted in a blog post this week. The U.S. software company uses the designation DEV-053 to track the group.

According to Bloomberg News, four researchers investigating Lapsus$ believe they’ve identified this kid as the mastermind of the group. Another member is suspected to be a teenager living in Brazil. On Thursday, City of London Police arrested seven people — aged 16 to 21 —  in connection with an inquiry into the group. Police didn’t identify the hacking gang, but a person involved in the probe said the arrests were related to the case. 

While the world has been watching Russian hacking of Ukraine, and other targets, Lapsus$ continued with its own operations, adding to the global spate of cybercrime that is estimated to cost the world economy more than $1 trillion annually.

Many of the tactics deployed by Lapsus$ are familiar to security-response teams. Among them is social engineering, where an attacker impersonates a person in order to trick a help-desk employee into giving access to systems or providing sensitive information which can be used to breach a target, Microsoft noted. SIM-swapping is another, in which the hacker successfully replaces a victim’s phone number with its own in order to receive a