Oxford Teenager Found Responsible for Hacking Big-Name Brands in Lapsus$ Group
An 18-year-old Oxford resident named Arion Kurtaj has been identified as the culprit behind a series of hacking incidents that targeted well-known brands, as part of the notorious Lapsus$ group. While psychiatrists deemed Kurtaj unfit to stand trial, a jury at Southwark Crown Court concluded that he was the individual responsible for carrying out the cyberattacks, even though he couldn’t be declared “guilty” due to lack of criminal intent.
Kurtaj is accused of compromising companies such as Nvidia, Uber, BT, and EE. From EE, he allegedly stole internal files and demanded a $4 million ransom. Additionally, a 17-year-old accomplice collaborated with Kurtaj to steal nearly $100,000 from cryptocurrency wallets using stolen SIM information from EE customers, as reported by the BBC.
Shockingly, Kurtaj’s final hacking endeavor occurred while he was on bail at a Travelodge hotel room. He infiltrated Rockstar Games, posted messages on the company’s Slack channel, and leaked numerous clips of unfinished gameplay from the highly anticipated Grand Theft Auto 6.
Following their involvement in the Lapsus$ group, both Kurtaj and his 17-year-old accomplice will reportedly be sentenced at a later date.
Several other members of Lapsus$ remain at large, with speculations suggesting that some of them may be residing in South America. However, authorities managed to apprehend one suspected member in Feira de Santana, a city in Brazil’s northeast, back in October.
Lapsus$, as a group, successfully executed multiple attacks on major companies, including Microsoft, Samsung, LG, Okta, and Vodafone. They employed various techniques, such as vishing, SIM swapping, solicitation of insiders employed by targeted firms, accessing and scraping SharePoint sites for technical information and credentials, utilizing acquired credentials to breach corporate VPNs, and cloning git repositories to gain access to API keys.