{
	"id": "281fe37a-f6b1-4bde-9623-7fcb15a556eb",
	"created_at": "2026-04-06T00:17:16.146892Z",
	"updated_at": "2026-04-10T13:11:44.036535Z",
	"deleted_at": null,
	"sha1_hash": "27c77a1d411dabb8288c284d7cf519d17be8a5c2",
	"title": "Lapsus$ teen hackers convicted of high-profile cyberattacks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2407598,
	"plain_text": "Lapsus$ teen hackers convicted of high-profile cyberattacks\r\nBy Ionut Ilascu\r\nPublished: 2023-08-23 · Archived: 2026-04-05 18:05:18 UTC\r\nA London jury has found that an 18-year-old member of the Lapsus$ data extortion gang helped hack multiple high-profile\r\ncompanies, stole data from them, and demanded a ransom, threatening to leak the information.\r\nBelieved to be one of the leaders of the group, Arion Kurtaj, from Oxford, England, was arrested twice in 2022, first in\r\nJanuary and then again in March, in connection with Lapsus$ hacking activity.\r\nHe is on trial for breaching fintech company Revolut, ride-sharing service Uber, and game developer Rockstar Games.\r\nHigh-profile organizations impacted by Lapsus$ also include Microsoft, Cisco, Okta, Nvidia, T-Mobile, Samsung, Vodafone, Ubisoft, 2K, and Globant.\r\nLeaking data while on bail\r\nKurtaj is autistic and was not deemed fit to be in court. However, a jury was asked to determine if he was responsible for the\r\nalleged hacking activity, disregarding criminal intent.\r\nThe teenager is believed to have breached the City of London Police cloud storage after he was arrested in connection with\r\nthe attack on mobile operator EE.\r\nIt is alleged that afterward, with the help of some Lapsus$ members, Kurtaj targeted Revolut, Uber, and Rockstar Games,\r\ndemanding millions of U.S. dollars in ransoms.\r\nUsing the handle ‘teapotuberhacker’ and while on bail at a hotel, Kurtaj leaked gameplay videos from the unreleased Grand\r\nTheft Auto 6, obtained after breaching the game developer’s Slack server and Confluence wiki.\r\nKurtaj used more than a dozen online names, White and Breachbase among them, and is believed to have made more than\r\n300 BTC from his hacking activity, SIM-swapping included.\r\nMost of the money was lost to gambling or to hackers who breached White’s computer, allegedly twice.\r\nKurtaj is not the only teenager on trial for Lapsus$-related hacking activity. Another member of the gang, a 17-year-old also\r\nsuffering from autism, has been convicted for breaching companies as well.\r\nDespite being a loosely organized group of mostly teenagers, Lapsus$ managed to breach organizations with a strong sense\r\nof security.\r\nSkilled actors still get caught\r\nA recent report from the U.S. government notes that the gang used low-cost techniques to reveal “weak points in our cyber\r\ninfrastructure.”\r\nThe members of the group took SIM-swapping to the next level by paying $20,000 a week for access to a\r\ntelecommunication provider’s platform, which allowed them to hijack targeted phone numbers and obtain one-time\r\npasscodes to various accounts.\r\nLapsus$ activity spread from 2021 to 2022 and involved individuals from the U.K. and Brazil who used social engineering\r\nand hacking techniques of various complexity to breach companies for fame, financial gain, and fun.\r\nIn September last year, Lapsus$ activity died as law enforcement started arresting members of the group: multiple\r\nindividuals in the U.K. [1, 2] and another one in Brazil.\r\nSource: https://www.bleepingcomputer.com/news/security/lapsus-teen-hackers-convicted-of-high-profile-cyberattacks/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/lapsus-teen-hackers-convicted-of-high-profile-cyberattacks/"
	],
	"report_names": [
		"lapsus-teen-hackers-convicted-of-high-profile-cyberattacks"
	],
	"threat_actors": [
		{
			"id": "be5097b2-a70f-490f-8c06-250773692fae",
			"created_at": "2022-10-27T08:27:13.22631Z",
			"updated_at": "2026-04-10T02:00:05.311385Z",
			"deleted_at": null,
			"main_name": "LAPSUS$",
			"aliases": [
				"LAPSUS$",
				"DEV-0537",
				"Strawberry Tempest"
			],
			"source_name": "MITRE:LAPSUS$",
			"tools": [
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "d4b9608d-af69-43bc-a08a-38167ac6306a",
			"created_at": "2023-01-06T13:46:39.335061Z",
			"updated_at": "2026-04-10T02:00:03.291149Z",
			"deleted_at": null,
			"main_name": "LAPSUS",
			"aliases": [
				"Lapsus",
				"LAPSUS$",
				"DEV-0537",
				"SLIPPY SPIDER",
				"Strawberry Tempest",
				"UNC3661"
			],
			"source_name": "MISPGALAXY:LAPSUS",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "2347282d-6b88-4fbe-b816-16b156c285ac",
			"created_at": "2024-06-19T02:03:08.099397Z",
			"updated_at": "2026-04-10T02:00:03.663831Z",
			"deleted_at": null,
			"main_name": "GOLD RAINFOREST",
			"aliases": [
				"Lapsus$",
				"Slippy Spider",
				"Strawberry Tempest"
			],
			"source_name": "Secureworks:GOLD RAINFOREST",
			"tools": [
				"Mimikatz"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "52d5d8b3-ab13-4fc4-8d5f-068f788e4f2b",
			"created_at": "2022-10-25T16:07:24.503878Z",
			"updated_at": "2026-04-10T02:00:05.014316Z",
			"deleted_at": null,
			"main_name": "Lapsus$",
			"aliases": [
				"DEV-0537",
				"G1004",
				"Slippy Spider",
				"Strawberry Tempest"
			],
			"source_name": "ETDA:Lapsus$",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434636,
	"ts_updated_at": 1775826704,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/27c77a1d411dabb8288c284d7cf519d17be8a5c2.pdf",
		"text": "https://archive.orkl.eu/27c77a1d411dabb8288c284d7cf519d17be8a5c2.txt",
		"img": "https://archive.orkl.eu/27c77a1d411dabb8288c284d7cf519d17be8a5c2.jpg"
	}
}