Police in Britain have arrested seven people following a series of hacks by the Lapsus$ hacking group which targeted major firms including Okta and Microsoft, City of London Police said.
San Francisco-based Okta, whose authentication services are used by some of the world's biggest companies to provide access to their networks, said this week it had been hit by hackers and some customers may have been affected.
"The City of London Police has been conducting an investigation with its partners into members of a hacking group," Detective Inspector Michael O'Sullivan said in an emailed statement in response to a question about the Lapsus$ hacking group.
The ransom-seeking gang had posted a series of screenshots of Okta's internal communications on their Telegram channel late on Monday.
"Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation," O'Sullivan said.
News of the digital breach had knocked Okta shares down about 11 percent amid criticism of the digital authentication firm's slow response to the intrusion.
City of London Police did not directly name Lapsus$ in its statement.
A spokeswoman said none of the seven people arrested had been formally charged, pending investigation.
Last month, Lapsus$ leaked proprietary information about US chipmaker Nvidia to the web.
More recently the group has purported to have leaked source code from several big tech firms, including Microsoft, which confirmed that one of its accounts had been compromised.
Lapsus$ have not responded to repeated requests for comment on their Telegram channel and by email.
A teenager living near Oxford, England, is suspected of being behind some of the more notable attacks, Bloomberg News reported this week.
Reached by phone, the father of the teenager - who cannot be named because they are a minor - declined to comment.
Reuters confirmed that cyber security researchers investigating Lapsus$ believe the teenager was involved in the group, according to three people familiar with the matter.
In a blog post, Unit 42, a research team at Palo Alto Networks, described Lapsus$ as an "attack group" motivated by notoriety rather than financial gain.
Unlike other groups, they do not rely on the deployment of ransomware - malicious software to encrypt their victims' networks, a hallmark of digital extortionists - and instead manually lay waste to their targets' networks.
Along with Unit 221b, a separate security consultancy, the Palo Alto researchers said they had identified the "primary actor" behind Lapsus$ in 2021 and had been "assisting law enforcement in their efforts to prosecute this group".
"The teenager we identified as being in control of Lapsus$ is particularly instrumental," Allison Nixon, chief research officer at Unit 221b, told Reuters.
"Not just for their leadership role, but for the vital intel they must possess on other members".
