Lapsus$ cybercrime and extortion group member, Arion Kurtaj has been sentenced to life in a 'secure hospital' by a UK judge.
Kurtaj who is 18 years of age and autistic is among the primary Lapsus$ threat actors, and was involved in the leak of assets associated with the video game, Grand Theft Auto VI. Sentenced to life in a 'secure hospital'.
Unless and until doctors clear him of no longer posing a danger, he shall remain at a secure hospital for life.
Because of his autism, healthcare professionals had deemed Kurtaj unfit to stand trial, deferring it to the jury to decide whether his alleged acts were committed with criminal intent.
In the same trial spanning six weeks, another 17-year-old Lapsus$ member, has been deemed guilty at Southwark Crown Court, London.
The unnamed minor collaborated with Kurtaj and other gang members to breach tech giants NVIDIA and telcos including BT/EE, before attempting to extort them for a $4 million ransom that was not paid.
That's how he was able to conduct the GTA 6 leak, despite having his laptop confiscated.
Believed to be one of the leaders of the group, Arion Kurtaj was arrested twice in 2022, first in January and then again in March, in connection with Lapsus$ hacking activity.
Although the Lapsus$ gang purportedly comprises teenagers, it may be naïve to underestimate their abilities or the threat posed by the group to an organization's cyber infrastructure.
Lapsus$ cybercrime gang has previously taken responsibility for high-profile cyberattacks-ranging from the one at Okta to Uber to fintech giant Revolut as well as the attack concerning Microsoft's internal Azure server through which the group allegedly leaked 37 GB of stolen source code for Bing, Cortana, and other Microsoft projects.
BleepingComputer had been unable to confirm the claim at the time and had reached out to LG. Lapsus$ has previously leaked gigabytes of proprietary data purportedly stolen from leading companies such as Samsung, NVIDIA, and Mercado Libre.
Data extortion groups like Lapsus$ breach victims, but as opposed to encrypting confidential files like a ransomware operator would, these actors steal and hold on to victims' proprietary data, and publish it should their extortion demands not be met.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 21 Dec 2023 20:45:22 +0000