The U.S. government has said it is paying close attention to LAPSUS$, the group that breached Okta, Microsoft, and Nvidia. The answers for the group's motivations are hiding in plain sight.
The group has confounded and captivated some in the cybersecurity industry, with some even speculating that LAPSUS$ may be a front for a government-backed hacking group. But a review of LAPSUS$’s public statements, their breaches, technical analysis by security experts, and indications of who a main member might be, paints a picture of a crew that bears much more resemblance to the sort of free-wheeling gangs that have become a staple in the world of SIM-swapping and other relatively low level hacking techniques. Only this time, people are paying much more attention, in part because of the sorts of targets that LAPSUS$ managed to compromise. On Thursday shortly after the publication of this story, British police said they had arrested seven teenagers suspected of being part of the gang.