Two U.K. teenagers have been charged in connection with an investigation into the Lapsus$ hacking group, the BBC reported today.

The teenagers, aged 16 and 17, reportedly face multiple charges. Both face three counts of unauthorized access to a computer with intent to impair the reliability of data, one count of fraud by false representation and one count of unauthorized access to a computer with intent to hinder access to data. The 16-year-old has also been charged with causing a computer to perform a function to secure unauthorized access to a program.

Early this morning, the BBC reported that the teenagers were due to appear at the Highbury Corner Magistrates’ Court today. 

The development comes about a week after the City of London Police arrested seven people aged 16 to 21 in connection with an investigation into the Lapsus$ hacking group. A few days before the arrests, four cybersecurity researchers told Bloomberg that they believe a 16-year-old from Oxford, England, is the mastermind behind the hacking group. 

Lapsus$ has carried out a series of high-profile cyberattacks against tech companies over the last few months. The hacking group recently breached Microsoft Corp.’s software development environment and leaked source code for several products, including Bing. Around the same time that the data breach at Microsoft was made public, Okta Inc. disclosed a part of its corporate network has also been compromised by Lapsus$.

One of the latest cyberattacks carried out by Lapsus$ targeted software development company Globant SA. The company confirmed the data breach on Wednesday, saying in a statement that “according to our current analysis, the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients.”

Earlier, Lapsus$ launched cyberattacks against Nvidia Corp. and Samsung Electronics Co. Ltd. In both cases, Lapsus$ gained access to some of the companies’ internal product data. Nvidia disclosed that the  hackers gained “proprietary information from our systems,” while Samsung stated that source code related to its Galaxy smartphone line was accessed. 

Overall, Lapsus$ has carried out cyberattacks against dozens of organizations in South America, the United Kingdom, Europe and Asia, Wired reported this week. According to prominent cybersecurity researcher Brian Krebs, the hacking group first emerged last December after launching a cyberattack against Brazil’s Ministry of Health.

Photo: Unsplash