Lapsus$ Hacking Group

The Federal Police of Brazil on Wednesday announced it had arrested an individual for purported links to the notorious LAPSUS$ extortionist gang.

The arrest was made as part of a new law enforcement effort, dubbed Operation Dark Cloud, that was launched in August 2022, the agency noted. Not much is known about the suspect other than the fact that the person could be a teenager.

The Polícia Federal said it commenced its investigation in December 2021 following an attack on websites under Brazil's Ministry of Health, resulting in the alleged exfiltration of 50TB of data and temporary unavailability of COVID-19 vaccination information of millions of citizens.

Other federal government portals targeted by the LAPSUS$ group in Brazil include the Ministry of Economy, Comptroller General of the Union, and the Federal Highway Police.


"The crimes determined in the police investigation are those of criminal organization, invasion of a computer device, interruption or disturbance of telegraphic, radio, telegraphic, or telephone service, preventing or hindering its restoration," it said.

Israeli cybersecurity firm Check Point, earlier this March, characterized the cybercrime crew as a "Portuguese hacking group from Brazil."

The findings come after the City of London Police arrested seven individuals from the U.K. in late March 2022, subsequently charging two of the juvenile defendants for breaking into computer systems and carrying out proprietary data theft.

The LAPSUS$ gang, in less than a year, has attracted worldwide notoriety for their headline-grabbing attacks on Microsoft, Cisco, Samsung, NVIDIA, Okta, Ubisoft, Globant, T-Mobile, Mercado Libre, and Vodafone.

The group's earliest intrusions were primarily aimed at Brazilian and South American institutions, before its members branched out to targeting other companies located in Europe and the U.S.

Last month, the City of London Police disclosed it had apprehended a 17-year-old teen from Oxfordshire, who is alleged to be LAPSUS$'s ringleader, in connection with cyber attacks on Uber and Rockstar Games.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.