Two British teenagers involved in a LAPSUS$ cybercrime and extortion gang have been sentenced for their role in masterminding a series of high-profile attacks against a number of companies.
Arion Kurtaj, 18, from Oxford, was given an indefinite hospital order for returning to cybercrime “as soon as possible”, the BBC reported. Kurtaji has autism and was deemed unfit to stand trial.
Another LAPSUS$ member, an unnamed 17-year-old minor, was sentenced to an 18-month youth rehabilitation order, including three months of intensive supervision and surveillance requirements. He was found guilty of two counts of fraud, two counts of Computer Misuse Act and one count of extortion.
The two defendants were initially arrested in January 2022 and later released under investigation. They were arrested again in March 2022. Kurtaj was later released on bail, but he continued to attack various companies until he was arrested again in September.
From user to administrator: Learn how hackers gain total control
Learn the secret tactics hackers use to become administrators, and how to detect and stop it before it’s too late. Register now for our webinar.
Join now
The attack occurred between August 2020 and September 2022 and targeted BT, EE, Globant, LG, Microsoft, NVIDIA, Okta, Revolut, Rockstar Games, Samsung, Ubisoft, Uber and Vodafone.
LAPSUS$ is said to have members from the UK and Brazil. A third member of the group, also suspected to be a teenager, was arrested in the South American country in October 2022.
A report released this year by the U.S. Department of Homeland Security (DHS) Cybersecurity Review Board (CSRB) revealed that threat actors are using SIM swap attacks to take over victim accounts and infiltrate target networks. It also uses Telegram channels to promote its activities and extort victims.
In the past year, the notoriety brought by LAPSUS$ has also led to the emergence of another group called “Scattered Spiders”. Both groups are part of a larger entity that calls itself Comm.
According to the FBI, the committee was made up of “a geographically diverse group of individuals divided into subgroups, all coordinated through online communication applications such as Discord and Telegram” and engaged in enterprise intrusions, SIM card swapping, Cryptocurrency theft and other activities. , real-life violence and assault.
Detective Chief Superintendent Amanda Horsburgh, of the Metropolitan Police, said: “This case is an example of the dangers that young people can face when online and the serious consequences that can have on someone’s wider future. .”
“Many young people want to explore how technology works and what the vulnerabilities are. This may include learning to code, interacting with like-minded people online and trying out tools. Unfortunately, the digital world can also be tempting to young people for the wrong reasons.” .