The City of London police announced on Twitter today the arrest of a British 17-year-old teen suspected of being involved in recent cyberattacks.
In a short tweet shared by law enforcement, the teen was arrested in Oxfordshire as part of a hacking investigation supported by the UK’s National Crime Agency.
“On the evening of Thursday 22 September 2022, the City of London Police arrested a 17-year-old in Oxfordshire on suspicion of hacking, as part of an investigation supported by the @NCA_UK’s National Cyber Crime Unit (NCCU).
He remains in police custody” – City of London Police.
BleepingComputer has reached out to the NCA and City of London police to learn more about this investigation.
NCA referred us to the City of London, stating it was their investigation, while the latter said they have no further information to share and any new information that would be posted on Twitter.
BleepingComputer also reached out to the FBI regarding the suspect’s possible involvement in the Uber attack but has not immediately received a response.
Researchers believe the arrest is tied to Lapsus$
While there are no details about the investigation, the arrest is believed to be tied to the Lapsus$ hacking group, which is suspected to be behind recent cyberattacks on Uber, Rockstar Games, and 2K.
During last year’s attacks, the Lapsus$ hacking group was said to be led by a threat actor named ‘White’ or ‘BreachBase,’ who was doxxed as allegedly a 16-year-old teen from the UK. This hacking group is responsible for numerous high-profile attacks, including Microsoft, Cisco, NVIDIA, Samsung, and Okta.
In April, the City of London Police arrested seven people aged 16 to 21, including the alleged 17-year-old ringleader. However, the UK soon released the two boys on bail as they were minors.
Last Thursday, Uber disclosed they were responding to a cyberattack after a hacker, known as ‘TeaPots,’ gained access to their Slack server and began posting screenshots of their access to other internal services.
Three days later, on Sunday, a threat actor calling themselves ‘teapotuberhacker’ began leaking previously unseen Grand Theft Auto 6 video footage and snippets of source code for GTA V and GTA VI on GTAforums.com.
This threat actor claimed that they breached Rockstar Game’s Slack and Confluence servers to steal the data and also said they were behind the recent attack on Uber.
The owner of the Breached hacking forum, pompompurin, was the first to claim claimed that White was behind the Rockstar Games and Uber attacks.
Soon after, Uber also attributed the attack to the Lapsus$ hacking group, which used MFA Fatigue attacks and other tactics that are known to be associated with this hacking group.
More recently, gaming company 2K also suffered a security breach, where the threat actor used their help desktop to send malware to customers. While there is no formal attribution to Lapsus$, 2K is owned by Take-Two Interactive, the parent company of Rockstar Games.
Due to the recent attacks, the attribution, and the age and location of the arrested individual, many in the cybersecurity community believe that the arrest is linked to the Lapsus$ group.
Journalist Matthew Keys says that it was a 17-year-old boy who was arrested over the hack of Rockstar, and likely Uber.
UPDATE: Arrest of 17-year-old by police in the United Kingdom over hack of Rockstar and possibly Uber was done in concert with an investigation conducted by the FBI, according to a source with knowledge of the matter.
— Matthew Keys (@MatthewKeysLive) September 23, 2022
However, as the suspect is a minor, their name cannot be released by law enforcement under UK law.
This is a developing story and will be updated as more information is revealed.