Two British teenagers associated with the LAPSUS$ cybercrime and extortion gang have been sentenced for orchestrating a series of high-profile attacks against various companies. Arion Kurtaj, an 18-year-old from Oxford, received an indefinite hospital order due to his intent to return to cybercrime. Deemed unfit to stand trial, Kurtaj continued attacking companies until his arrest in September. Another 17-year-old LAPSUS$ member was sentenced to an 18-month Youth Rehabilitation Order for fraud, Computer Misuse Act offenses, and blackmail. The attacks targeted companies such as BT, EE, Microsoft, NVIDIA, Revolut, Samsung, Uber, and Vodafone.
📢 Key Points:
- Sentencing: Arion Kurtaj, 18, received an indefinite hospital order due to his intent to resume cybercrime, while a 17-year-old member received an 18-month Youth Rehabilitation Order.
- Attack Period: The cybercrime spree occurred between August 2020 and September 2022, targeting various high-profile companies.
- LAPSUS$: The group is known for attacks on BT, EE, Globant, LG, Microsoft, NVIDIA, Okta, Revolut, Rockstar Games, Samsung, Ubisoft, Uber, and Vodafone.
4 Additional Arrest: A third LAPSUS$ member, suspected to be a teen, was arrested in Brazil in October 2022. - Operational Tactics: LAPSUS$ utilized SIM-swapping attacks to take over victim accounts, infiltrate networks, and employed a Telegram channel to publicize operations and extort victims.
6 .Larger Entity – The Comm: LAPSUS$ and another group, Scattered Spider, are part of a larger entity known as the Comm, engaging in corporate intrusions, SIM swapping, crypto theft, real-life violence, and swatting.
This case highlights the challenges associated with young individuals getting drawn into cybercrime and emphasizes the serious consequences it can have on their future. It also sheds light on the complex and interconnected nature of cybercrime groups operating globally