16-year-old behind Lapsus$ cyber-attacks of Nvidia, Microsoft, Ubisoft, Samsung

The cyber-attacks that have managed to breach the likes of Nvidia, Microsoft, Ubisoft and Samsung have been traced back to a 16-year-old living in Oxford, England.

Lapsus$, the hacker group responsible for the attacks, has pulled off a series of high-profile breaches and have leaked proprietary source code and data from the companies online.

According to Bloomberg, the mastermind behind the group is a teen that lives with his mother near Oxford University in England. Four security researchers investigating the breach on behalf of the companies that were breached told the publication that they thought the teen was the mastermind.

The group first surfaced in December 2021, attempting to extort Brazil's Ministry of Health. They claimed to have deleted data that was needed to issue COVID vaccination certificates. The ministry later confirmed that it lost 50 TB of data in the attack. Lapsus$ also hacked into Brazil's prominent telecommunications operator Claro.

Portugal's largest media conglomerate was the group's next target. Impresa owns the largest TV channel and newspaper in Portugal - SIC and Expresso. Lapsus$ hacked both their websites and their twitter accounts.

Then the attacks became more high-profile, targeting Nvidia first followed by Samsung. Lapsus$ laid out a unique extortion demand telling Nvidia that it wanted the company to remove Lite Hash Rates from their RTX 30 series graphics cards. Lite Hash Rate throttles the speed at which cryptocurrency can be mined, making the cards undesirable for crypto mining.

Failure to comply would result in the group posting Nvidia's source code and designs online. As proof, the group leaked the source code of Nvidia's DLSS 2.0 feature. The group also demanded Nvidia open source their drivers for macOS, Windows and Linux.

In the case of Samsung's attack, the group posted nearly 190GB of sensitive information online, including source codes and details on various projects.

Since then, the group has moved on to attack Microsoft, Okta and Ubisoft. In a blog post, Microsoft said that it had managed to limit the extent of the attack and interrupt the source code downloads because Lapsus$ publicly discussed their attack on a Telegram channel.