The Okta logo is seen in this illustration taken on March 22, 2022. REUTERS / Dado Ruvic / Illustration – RC2R7T9UY7RP
Register now to get free unlimited access to Reuters.com
LONDON/WASHINGTON (Reuters) – British police have arrested seven people following a series of hacks by hacking group Lapsus$, targeting major companies including Octa. (OKTA.O) and Microsoft Corporation (MSFT.O)London City Police said on Thursday.
San Francisco-based Okta Inc, whose authentication services are used by some of the world’s largest companies to provide access to its networks, said Tuesday that it has been hit by hackers and some customers may have been affected. Read more
“The City of London Police are conducting an investigation with their partners regarding members of the hacking group,” Detective Michael O’Sullivan said in an emailed statement in response to a question about the hacking group Lapsus$.
Register now to get free unlimited access to Reuters.com
The ransom-seeking gang had posted a series of screenshots of Okta’s internal communications on its Telegram channel late Monday.
“Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and they have all been released under investigation,” O’Sullivan said.
News of the digital hack sent Okta shares down nearly 11 percent amid criticism of the digital authentication company’s slow response to the hack. Read more
Octa shares fell 4.8 percent on Thursday.
The City of London Police did not directly name Lapsus$ in their statement. A spokeswoman said that none of the seven people arrested have been formally charged, pending investigation.
Who is LAPSUS$?
Last month, $ Lapsus leaked private information about US chip maker Nvidia Corp. (NVDA.O) to the web. Read more
Recently, the group claimed to have leaked source code from several major tech companies, including Microsoft, which confirmed on Tuesday that one of its accounts had been hacked.
$Lapsus has not responded to repeated requests for comment on their Telegram channel and by email.
Bloomberg News reported on Wednesday that a teenager living near Oxford, England is suspected of being behind some of the more high-profile attacks.
Contacted by phone, the teen’s father – who cannot be named because he is a minor – declined to comment. Reuters has confirmed that cybersecurity researchers investigating $Lapsus believe the teen was involved in the group, according to three people familiar with the matter.
In a blog Thursday, Unit 42, the research team at Palo Alto Networks, described $Lapsus as an “offensive group” driven by notoriety rather than financial gain.
Unlike other groups, they do not rely on spreading ransomware – malware to encrypt their victims’ networks, a hallmark of digital extortionists – and instead manually lay waste on their targets’ networks.
Along with Unit 221B, a separate security advisory firm, Palo Alto researchers said they identified the “primary actor” behind $Lapsus in 2021 and were “assisting law enforcement in their efforts to prosecute this group.”
“The teen we’ve identified as controlling $Lapsus is particularly instrumental,” Alison Nixon, chief research officer for Unit 221B, told Reuters.
“Not just for their leadership role, but for the vital information they must possess about the other members.”
Register now to get free unlimited access to Reuters.com
Additional reporting by James Pearson in London and Raphael Satter in Washington. Additional reporting by Christopher Bing. Editing by Catherine Evans, Raisa Kasulowsky, Jonathan Otis and David Gregorio
Our criteria: Thomson Reuters Trust Principles.
