U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Lapsus$ member has been convicted of having hacked multiple high-profile companies

An 18-year-old member of the Lapsus$ gang has been convicted of having helped hack multiple high-profile companies. A teenage member of the Lapsus$ data extortion group, Arion Kurtaj (18), was convicted by a London jury of having hacked multiple high-profile companies, including Uber, Revolut, and blackmailed the developers of the gaming firm Rockstar Games. Since September […]

Lapsus$

An 18-year-old member of the Lapsus$ gang has been convicted of having helped hack multiple high-profile companies.

A teenage member of the Lapsus$ data extortion group, Arion Kurtaj (18), was convicted by a London jury of having hacked multiple high-profile companies, including Uber, Revolut, and blackmailed the developers of the gaming firm Rockstar Games.

Since September 2022, Kurtaj conducted a series of solo attacks, he gained access to around 5,000 Revolut customers’ records and hacked Uber causing $3 million of damage. Then he targeted Rockstar Games and threatened to release the source code for the popular video games Grand Theft Auto sequel.

Other victims of the man are the Britain broadband provider BT Group and Nvidia.

Kurtaj has autism and was assessed by psychiatrists as not fit to stand trial. However, a jury was asked to determine if the teenager was responsible for the series of attacks and if he acted with the criminal intent.

“Prosecutors said Kurtaj and a 17-year-old, who cannot be named for legal reasons and whose case was heard alongside Kurtaj’s, were “key players” in Lapsus$.

“The jury on Wednesday found Kurtaj committed 12 offences, including three counts of blackmail, two counts of fraud and six charges under the Computer Misuse Act.” reads the report published by Reuters. “The 17-year-old was found guilty of one count of fraud, one count of blackmail and one count under the Computer Misuse Act relating to Nvidia. He was found not guilty of one count of blackmail and one count under the Computer Misuse Act in relation to BT.”

Kurtaj had previously pleaded guilty to one count under the Computer Misuse Act and one count of fraud in relation to the BT, and to one count under the Computer Misuse Act for the hack of the City of London Police.

The Lapsus$ group was one of the most active gangs in the threat landscape, they targeted a lot of high-profile organizations, including NVIDIASamsungUbisoft, Mercado Libre, VodafoneMicrosoftOkta, and Globant.

The group’s activity ceased last year in September.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Lapsus$)