{ "id": "f0d637ef-1de4-42a4-9c00-6a769fa72729", "created_at": "2026-04-06T00:10:12.324969Z", "updated_at": "2026-04-10T03:28:46.80814Z", "deleted_at": null, "sha1_hash": "4f04a6a8cf69ab16e814e5047c0cab03e46ecd08", "title": "Lapsus$ hacker behind GTA 6 leak gets indefinite hospital sentence", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 2463621, "plain_text": "Lapsus$ hacker behind GTA 6 leak gets indefinite hospital sentence\r\nBy Ax Sharma\r\nPublished: 2023-12-21 · Archived: 2026-04-05 18:46:32 UTC\r\nLapsus$ cybercrime and extortion group member, Arion Kurtaj has been sentenced indefinitely in a 'secure hospital' by a UK\r\njudge.\r\nKurtaj who is 18 years of age and autistic is among the primary Lapsus$ threat actors, and was involved in the leak of assets\r\nassociated with the video game, Grand Theft Auto VI.\r\nSentenced indefinitely in a 'secure hospital'\r\nArion Kurtaj, a member of the Lapsus$ cybercrime group, was sentenced indefinitely in a \"secure hospital\" by a British\r\njudge, according to a BBC report.\r\nhttps://www.bleepingcomputer.com/news/security/lapsus-hacker-behind-gta-6-leak-gets-indefinite-hospital-sentence/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/lapsus-hacker-behind-gta-6-leak-gets-indefinite-hospital-sentence/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nKurtaj, an Oxford resident, served as a key Lapsus$ member who leaked clips from Rockstar Games' upcoming video game,\r\nGrand Theft Auto VI.\r\nAccording to the judge, Kurtaj continued to be a \"high risk\" to the public given his abilities and desire to commit\r\ncybercrime.\r\nAs such, unless and until doctors clear him of no longer posing a danger, he shall remain at a secure hospital.\r\nIn addition to the hacker's involvement in cybercriminal activity, the court heard that the hacker had been violent while in\r\ncustody leading to \"dozens of reports of injury or property damage.\"\r\nBecause of his autism, healthcare professionals had deemed Kurtaj unfit to stand trial, deferring it to the jury to decide\r\nwhether his alleged acts were committed with criminal intent.\r\nThe BBC reported that a mental health assessment conducted in conjunction with the sentencing hearing determined that\r\nKurtaj remains highly motivated to \"return to cyber-crime as soon as possible.\"\r\nIn the same trial spanning six weeks, another 17-year-old Lapsus$ member (unnamed due to legal reasons), has been\r\ndeemed guilty at Southwark Crown Court, London.\r\nThe unnamed minor collaborated with Kurtaj and other gang members to breach tech giants NVIDIA and telcos\r\nincluding BT/EE, before attempting to extort them for a $4 million ransom that was not paid. The minor has been sentenced\r\nin a Youth Rehabilitation Order for 18 months with rigorous supervision in place, and a \"ban on using VPNs online.\"\r\nPreviously, Kurtaj was \"caught red handed\" circumventing his bail conditions, state the prosecutors, when his hotel room TV\r\nwas found with an Amazon Fire Stick that let him connect to cloud computing services with his smartphone, keyboard, and\r\nmouse. That's how he was able to conduct the GTA 6 leak, despite having his laptop confiscated.\r\nBelieved to be one of the leaders of the group, Arion Kurtaj was arrested twice in 2022, first in January and then again in\r\nMarch, in connection with Lapsus$ hacking activity.\r\nLapsus$: hacking high-profile names\r\nAlthough the Lapsus$ gang purportedly comprises teenagers, it may be naïve to underestimate their abilities or the threat\r\nposed by the group to an organization's cyber infrastructure.\r\nLapsus$ cybercrime gang has previously taken responsibility for high-profile cyberattacks—ranging from the one at Okta to\r\nUber to fintech giant Revolut as well as the attack concerning Microsoft's internal Azure server through which the group\r\nallegedly leaked 37 GB of stolen source code for Bing, Cortana, and other Microsoft projects.\r\nThe group has also previously claimed to have breached breached LG Electronics (LGE) for a \"second time\" in a year.\r\nLapsus$ says it also breached LG Electronics (BleepingComputer)\r\nhttps://www.bleepingcomputer.com/news/security/lapsus-hacker-behind-gta-6-leak-gets-indefinite-hospital-sentence/\r\nPage 3 of 4\n\nBleepingComputer had been unable to confirm the claim at the time and had reached out to LG.\r\nLapsus$ has previously leaked gigabytes of proprietary data purportedly stolen from leading companies such\r\nas Samsung, NVIDIA, and Mercado Libre.\r\nData extortion groups like Lapsus$ breach victims, but as opposed to encrypting confidential files like a ransomware\r\noperator would, these actors steal and hold on to victims' proprietary data, and publish it should their extortion demands not\r\nbe met.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/lapsus-hacker-behind-gta-6-leak-gets-indefinite-hospital-sentence/\r\nhttps://www.bleepingcomputer.com/news/security/lapsus-hacker-behind-gta-6-leak-gets-indefinite-hospital-sentence/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.bleepingcomputer.com/news/security/lapsus-hacker-behind-gta-6-leak-gets-indefinite-hospital-sentence/" ], "report_names": [ "lapsus-hacker-behind-gta-6-leak-gets-indefinite-hospital-sentence" ], "threat_actors": [ { "id": "be5097b2-a70f-490f-8c06-250773692fae", "created_at": "2022-10-27T08:27:13.22631Z", "updated_at": "2026-04-10T02:00:05.311385Z", "deleted_at": null, "main_name": "LAPSUS$", "aliases": [ "LAPSUS$", "DEV-0537", "Strawberry Tempest" ], "source_name": "MITRE:LAPSUS$", "tools": [ "Mimikatz" ], "source_id": "MITRE", "reports": null }, { "id": "d4b9608d-af69-43bc-a08a-38167ac6306a", "created_at": "2023-01-06T13:46:39.335061Z", "updated_at": "2026-04-10T02:00:03.291149Z", "deleted_at": null, "main_name": "LAPSUS", "aliases": [ "Lapsus", "LAPSUS$", "DEV-0537", "SLIPPY SPIDER", "Strawberry Tempest", "UNC3661" ], "source_name": "MISPGALAXY:LAPSUS", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "2347282d-6b88-4fbe-b816-16b156c285ac", "created_at": "2024-06-19T02:03:08.099397Z", "updated_at": "2026-04-10T02:00:03.663831Z", "deleted_at": null, "main_name": "GOLD RAINFOREST", "aliases": [ "Lapsus$", "Slippy Spider ", "Strawberry Tempest " ], "source_name": "Secureworks:GOLD RAINFOREST", "tools": [ "Mimikatz" ], "source_id": "Secureworks", "reports": null }, { "id": "52d5d8b3-ab13-4fc4-8d5f-068f788e4f2b", "created_at": "2022-10-25T16:07:24.503878Z", "updated_at": "2026-04-10T02:00:05.014316Z", "deleted_at": null, "main_name": "Lapsus$", "aliases": [ "DEV-0537", "G1004", "Slippy Spider", "Strawberry Tempest" ], "source_name": "ETDA:Lapsus$", "tools": [], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434212, "ts_updated_at": 1775791726, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/4f04a6a8cf69ab16e814e5047c0cab03e46ecd08.pdf", "text": "https://archive.orkl.eu/4f04a6a8cf69ab16e814e5047c0cab03e46ecd08.txt", "img": "https://archive.orkl.eu/4f04a6a8cf69ab16e814e5047c0cab03e46ecd08.jpg" } }