{
	"id": "70285f6a-c666-40fb-be89-ddee1b31b42b",
	"created_at": "2026-04-06T00:09:33.674775Z",
	"updated_at": "2026-04-10T13:11:42.519059Z",
	"deleted_at": null,
	"sha1_hash": "0af15537d1c651d9048ee0545537d582fe4b2225",
	"title": "Lapsus$ suspects arrested for Microsoft, Nvidia, Okta hacks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2766586,
	"plain_text": "Lapsus$ suspects arrested for Microsoft, Nvidia, Okta hacks\r\nBy Ionut Ilascu\r\nPublished: 2022-03-24 · Archived: 2026-04-05 14:00:13 UTC\r\nAs Lapsus$ data extortion gang announced that several of its members are taking a vacation, the City of London Police say\r\nthey have arrested seven individuals connected to the gang.\r\nA minor in Oxford, England, is believed to be among the leaders of the group that leaked closed source code and proprietary\r\ndata from high-profile companies like Nvidia, Samsung, Microsoft, and Okta.\r\nLapsus$ has also claimed attacks on game developer Ubisoft, telecom company Vodafone, and e-commerce giant Mercado.\r\nhttps://www.bleepingcomputer.com/news/security/lapsus-suspects-arrested-for-microsoft-nvidia-okta-hacks/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/lapsus-suspects-arrested-for-microsoft-nvidia-okta-hacks/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nSome members may take a longer break\r\nThe latest public message from the group on Wednesday announced that some of its members were taking a vacation until\r\nMarch 30.\r\nIt is unclear how many members are in Lapsus$ but clues from their Telegram chats seem to suggest that there are members\r\nwho speak English, Russian, Turkish, German, and Portuguese.\r\nIn a statement to the BBC, the City of London Police said that it had arrested seven people aged 16 to 21 “in connection\r\nwith an investigation into a hacking group” and that all of them are under investigation.\r\nNo names have been released but the real identities of some Lapsus$ members have been known for a while as they had\r\nbeen doxed by rival hackers.\r\nOne of them is a teenager using the aliases White/Breachbase, a 17-year-old known from Oxford, England, who is believed\r\nto have accumulated over 300 BTC - around $13 million at today’s value, from hacking activities, SIM swapping being one\r\nof them.\r\nAllegedly, White lost a good part of this fortune gambling and by leaving their system unprotected, allowing it to get\r\nhacked, twice.\r\nThe aliases above are just a few of more than a dozen the teenager used online, along with a couple of pseudonyms used on\r\nvarious platforms and hacker forums\r\nAlong with identifying information that included the real name, home address, date of birth, and education, rival hackers\r\nalso published private photos of White with their family.\r\nThis was possible because of the long string of poor opsec decisions that left behind an identification trail, which appears to\r\nbe a flaw that extends to other members of the Lapsus$ group as well.\r\nA sample of this is exemplified by Bill Demirkapi, senior security engineer at Zoom, who noticed that Lapsus$ bragged\r\nabout breaching Microsoft while stealing the source code:\r\nWhile this is not a crtitical mistake in revealing the identity of the group, it shows that their operational security skills are\r\nincredibly lacking, allowing security researchers and rivals alike to link email accounts and usernames to their real identity.\r\nThese operational security mistakes are likely what allowed law enforcement to identify and arrest many of the cybercrime\r\ngang's members.\r\nhttps://www.bleepingcomputer.com/news/security/lapsus-suspects-arrested-for-microsoft-nvidia-okta-hacks/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/lapsus-suspects-arrested-for-microsoft-nvidia-okta-hacks/\r\nhttps://www.bleepingcomputer.com/news/security/lapsus-suspects-arrested-for-microsoft-nvidia-okta-hacks/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/lapsus-suspects-arrested-for-microsoft-nvidia-okta-hacks/"
	],
	"report_names": [
		"lapsus-suspects-arrested-for-microsoft-nvidia-okta-hacks"
	],
	"threat_actors": [
		{
			"id": "be5097b2-a70f-490f-8c06-250773692fae",
			"created_at": "2022-10-27T08:27:13.22631Z",
			"updated_at": "2026-04-10T02:00:05.311385Z",
			"deleted_at": null,
			"main_name": "LAPSUS$",
			"aliases": [
				"LAPSUS$",
				"DEV-0537",
				"Strawberry Tempest"
			],
			"source_name": "MITRE:LAPSUS$",
			"tools": [
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "d4b9608d-af69-43bc-a08a-38167ac6306a",
			"created_at": "2023-01-06T13:46:39.335061Z",
			"updated_at": "2026-04-10T02:00:03.291149Z",
			"deleted_at": null,
			"main_name": "LAPSUS",
			"aliases": [
				"Lapsus",
				"LAPSUS$",
				"DEV-0537",
				"SLIPPY SPIDER",
				"Strawberry Tempest",
				"UNC3661"
			],
			"source_name": "MISPGALAXY:LAPSUS",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "2347282d-6b88-4fbe-b816-16b156c285ac",
			"created_at": "2024-06-19T02:03:08.099397Z",
			"updated_at": "2026-04-10T02:00:03.663831Z",
			"deleted_at": null,
			"main_name": "GOLD RAINFOREST",
			"aliases": [
				"Lapsus$",
				"Slippy Spider ",
				"Strawberry Tempest "
			],
			"source_name": "Secureworks:GOLD RAINFOREST",
			"tools": [
				"Mimikatz"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "52d5d8b3-ab13-4fc4-8d5f-068f788e4f2b",
			"created_at": "2022-10-25T16:07:24.503878Z",
			"updated_at": "2026-04-10T02:00:05.014316Z",
			"deleted_at": null,
			"main_name": "Lapsus$",
			"aliases": [
				"DEV-0537",
				"G1004",
				"Slippy Spider",
				"Strawberry Tempest"
			],
			"source_name": "ETDA:Lapsus$",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434173,
	"ts_updated_at": 1775826702,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0af15537d1c651d9048ee0545537d582fe4b2225.pdf",
		"text": "https://archive.orkl.eu/0af15537d1c651d9048ee0545537d582fe4b2225.txt",
		"img": "https://archive.orkl.eu/0af15537d1c651d9048ee0545537d582fe4b2225.jpg"
	}
}