The boy’s father said they thought he was just busy playing video games.

The leader of the group that hacked major tech giants Microsoft and Nvdia is allegedly a 16-year-old boy living with his parents near Oxford, England, authorities said Thursday.

“I had never heard about any of this until recently,” the boy’s father told the British media. 

“He’s never talked about any hacking, but he is very good on computers and spends a lot of time on the computer. I always thought he was playing games.”

The rash of attacks had raised fears that Russian President Vladimir Putin was beginning a new phase of his conflict with the United States over the unprovoked invasion of Ukraine.

Thus far, authorities have not publicly linked the teen, who was arrested with six other people, to any Russian involvement.

Was He Doxxed or Discovered?

Cyber-crime gang Lapsus$ had claimed responsibility for the ransomware attacks on multiple tech companies, most recently including Okta, and had thought to be based in South America.

Initial reports had said that the boy, who has not been named for legal recents, was doxxed by his fellow hackers after a fallout.

But one of the consultants who had been tracking the hacker, who went by White or Breachbase online, said that they had already been following his movements for a year or so before he was unmasked online.

“We’ve had his name since the middle of last year and we identified him before the doxxing,” Allison Nixon, chief research officer at cybersecurity company Unit 221B, told the BBC.

“Unit 221B working with [cyber-security company] Palo Alto after identifying the actor, watched him on his exploits throughout 2021, periodically sending law enforcement a heads-up about the latest crimes.”

Lapsu$ And Its Methods Reached Far And Wide

The breaches Lapsu$ claimed to have committed were sophisticated and expensive, with each one infiltrating then blackmailing companies for the proprietary code and data that the hackers had stolen.

In each case, the group had breached and made off with massive chunks of data from each company. 

In chipmaker Nvidia’s case, had given them a public deadline to pay for it back and make several substantial changes to how it limited cryptocurrencies.

The company has never said if it met that deadline, but days later, large pieces of its internal proprietary code and information began appearing online.

Okta, too, had felt the sting from Lapsu$, saying that it had first detected a cyberattack on Jan. 20, but took days to realize it had been breached via a third-party contractor. 

The company said this week that it had identified almost 400 customers affected by the breach, and urged them to look into their own security protocols.

Samsung and Microsoft also had high-profile attacks from Lapsu$, with each suffering a similar theft of source code.