According to the results of the last session, the jury found two teenagers guilty of participating in a cybercrime group that gained reputation last year. LAPSUS$ was not like a group of kids; on the contrary, they came across as formidable and whimsical hackers who were keen on successfully and admirably hunting big targets. It was their actions that caused chaos in Silicon Valley after many of the world’s biggest companies were hacked in just a few months.

what is known

• Already 18-year-old Arion Kuraj He was one of the key members of the group. Diagnosed with autism, he personally and assisted others in carrying out most of the gang’s cyberattacks between late 2021 and early 2022. Kurtaj’s identity had previously been posted online by a rival cybercrime group, but due to her age, authorities had not made her public. He did not appear in court because psychiatrists determined that the boy was insane.
• Another young man with autism Minors and unidentified personsHe was also found guilty of joining LAPSUS$.

Nothing is known about the other members of the group.

Their accounts included companies such as Uber, Nvidia, Microsoft, Samsung, Ubisoft, Rockstar Games and others. It was also believed to be linked to a series of data breaches that used hacked mailboxes of law enforcement to solicit information from companies like Apple, Meta and Snapchat.

They were creative

Experts say that young people are behaving unusually and boldly, exceeding industry safety standards. Sometimes these were very simple and banal actions, but they worked because no one could predict them. Of course, the investigation does not reveal the specific methods used by criminals.

Some of its biggest targets, including Rockstar Games, Uber, and Nvidia attacked while on bail for previous hacking crimes.

It’s interesting that many of them don’t even try to ask for a ransom for stolen data, just put it on the internet and “act like a gang of information terrorists who need to prove something, not like a seasoned criminal group,” writes Gizmodo.

The report states: “LAPSUS$ has at various times operated for fame, financial gain, or entertainment, and seems to have combined a variety of methods, some more complex than others, with a glimmer of creativity… Infiltrating corporate networks, stealing source code, demanding payment, seldom-controlled app, obscure online forums They broadcast political messages and quickly moved on to their next target. These cyberattacks were not the business of states and did not always involve particularly sophisticated or advanced tools or techniques. But they were not the business of states. “.

The source concluded that if a group of bored high school kids could defeat their digital defenses so easily, even the largest companies should consider strengthening their cybersecurity.