Two British teenagers who were part of a cybercrime group called LAPSUS$ have been sentenced for their involvement in high-profile attacks against several companies. One of the teens, an 18-year-old from Oxford named Arion Kurtaj, has been given an indefinite hospital order due to his intention to return to cybercrime. The other member, a 17-year-old whose name was not disclosed, received an 18-month Youth Rehabilitation Order.
The attack spree, which occurred between August 2020 and September 2022, targeted companies such as BT, EE, Globant, LG, Microsoft, NVIDIA, Okta, Revolut, Rockstar Games, Samsung, Ubisoft, Uber, and Vodafone. The LAPSUS$ group is made up of individuals from the UK and Brazil.
The group used SIM-swapping attacks to take over victim accounts and infiltrate target networks, as revealed by a report published by the US Department of Homeland Security’s Cyber Safety Review Board. They also used a Telegram channel to publicize their operations and extort their victims.
The notoriety of LAPSUS$ has led to the emergence of another group called Scattered Spider, and both groups are part of a larger entity known as the Comm. The Comm is a geographically diverse group of individuals who coordinate through online communication applications to engage in various cyber activities.
This case serves as a warning about the dangers that young people can be drawn to online, said Amanda Horsburgh, a detective chief superintendent from the City of London Police. Many young people are interested in exploring technology and learning about vulnerabilities, but they must also be aware of the potential consequences of engaging in illegal activities.
Key points:
- Two British teenagers have been sentenced for their involvement in high-profile cyberattacks as part of the LAPSUS$ group
- One of the teens has been given an indefinite hospital order due to his intention to return to cybercrime
- The LAPSUS$ group targeted companies such as BT, EE, Globant, LG, Microsoft, NVIDIA, Okta, Revolut, Rockstar Games, Samsung, Ubisoft, Uber, and Vodafone
- The group used SIM-swapping attacks and a Telegram channel to carry out their operations
- The case highlights the dangers that young people can face online and the potential consequences of engaging in cybercrime