Brazilian Police Arrest Lapsus$ Suspect

Federal police in Brazil yesterday arrested a suspected member of the prolific Lapsus$ cybercrime collective, after launching an investigation this summer.

A press release claimed the man was apprehended in Feira de Santana, a city in the north-east of the country, as a result of Operation Dark Cloud, which began in August.

That policing effort was precipitated by Lapsus$ attacks that targeted dozens of Brazilian government agencies, including the Ministry of Health, Ministry of Economy, Comptroller General of the Union and the Federal Highway Police.

According to the police, a breach at the health ministry enabled attackers to delete data and compromise a website used to manage COVID vaccine certificates. The data extortion group is said to have posted a message to the ministry’s website claiming the stolen information was in its hands.

Lapsus$ has targeted many other big-name organizations across the globe over the past year, including tech firms Nvidia, Samsung, Microsoft, Okta, Vodafone, Mercado Libre and Uber.  

However, law enforcers appear to have the group in their sights. Back in March, City of London police arrested seven suspects, and a month later charged two teenaged boys with hacking offenses.

The duo could not be named due to their age, but one is believed to be the ringleader of the group – a 16-year-old boy from Oxford who is said to go by the online monikers “White” and “Breachbase.”

In September, the same police force reportedly re-arrested one of the Lapsus$ suspects in connection with an attack on Rockstar Games in which a hacker leaked footage of an upcoming Grand Theft Auto game. The individual has also been linked to a breach at Uber.

The group is believed to have employed a variety of techniques to breach its targets, including co-opting insiders at the firms. It often seeks to extort these victims by stealing sensitive data and threatening to leak it.

However, it's unclear how extensive the global network of Lapsus$ participants is.
