Suspected Okta hackers arrested by British police

3 minute read

Okta logo is displayed in this illustration taken March 22, 2022. REUTERS/Dado Ruvic/Illustration - RC2R7T9UY7RP

Register now for FREE unlimited access to Reuters.com

LONDON/WASHINGTON, March 24 (Reuters) - Police in Britain have arrested seven people following a series of hacks by the Lapsus$ hacking group which targeted major firms including Okta Inc (OKTA.O) and Microsoft Corp (MSFT.O), City of London Police said on Thursday.

San Francisco-based Okta Inc, whose authentication services are used by some of the world's biggest companies to provide access to their networks, said on Tuesday it had been hit by hackers and some customers may have been affected. read more

"The City of London Police has been conducting an investigation with its partners into members of a hacking group," Detective Inspector Michael O'Sullivan said in an emailed statement in response to a question about the Lapsus$ hacking group.

Register now for FREE unlimited access to Reuters.com

The ransom-seeking gang had posted a series of screenshots of Okta's internal communications on their Telegram channel late on Monday.

"Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation," O'Sullivan said.

News of the digital breach had knocked Okta shares down about 11 percent amid criticism of the digital authentication firm's slow response to the intrusion. read more

Shares of Okta were trading down 4.8% on Thursday.

City of London Police did not directly name Lapsus$ in its statement. A spokeswoman said none of the seven people arrested had been formally charged, pending investigation.

WHO ARE LAPSUS$?

Last month, Lapsus$ leaked proprietary information about U.S. chipmaker Nvidia Corp (NVDA.O) to the Web. read more

More recently the group has purported to have leaked source code from several big tech firms, including Microsoft, which on Tuesday confirmed that one of its accounts had been compromised.

Lapsus$ have not responded to repeated requests for comment on their Telegram channel and by email.

A teenager living near Oxford, England, is suspected of being behind some of the more notable attacks, Bloomberg News reported on Wednesday.

Reached by phone, the father of the teenager - who cannot be named because they are a minor - declined to comment. Reuters confirmed that cybersecurity researchers investigating Lapsus$ believe the teenager was involved in the group, according to three people familiar with the matter.

In a blog post on Thursday, Unit 42, a research team at Palo Alto Networks, described Lapsus$ as an "attack group" motivated by notoriety rather than financial gain.

Unlike other groups, they do not rely on the deployment of ransomware - malicious software to encrypt their victims' networks, a hallmark of digital extortionists - and instead manually lay waste to their targets' networks.

Along with Unit 221b, a separate security consultancy, the Palo Alto researchers said they had identified the "primary actor" behind Lapsus$ in 2021 and had been "assisting law enforcement in their efforts to prosecute this group".

"The teenager we identified as being in control of Lapsus$ is particularly instrumental," Allison Nixon, chief research officer at Unit 221b, told Reuters.

"Not just for their leadership role, but for the vital intel they must possess on other members".

Register now for FREE unlimited access to Reuters.com
Reporting by James Pearson in London and Raphael Satter in Washington; Additional reporting by Christopher Bing; Editing by Catherine Evans, Raissa Kasolowsky, Jonathan Oatis and David Gregorio

Our Standards: The Thomson Reuters Trust Principles.