Brazilian police announce arrest of alleged Lapsus$ member

Federal Police in Brazil said they arrested an alleged member of the notorious Lapsus$ hacking group on Wednesday. 

In a statement, police officials explained that they arrested someone in the Brazilian city of Feira de Santana.

Little information was shared about the suspect but police implied they are prepared to charge the person with crimes related to operating a criminal organization, invasion of computer devices, technological disturbances and more. 

“It was also found the practice of corruption of minors, a crime provided for in the Statute of Children and Adolescents, and money laundering, according to Law No. 9,613/1998,” police said. 

The arrest was part of Operation Dark Cloud, an effort announced in August that sought to investigate the group's alleged operations within Brazil. Brazil’s Federal Police carried out eight search and seizure warrants as part of the operation. 

Police officials noted that in addition to the group’s headline-grabbing attacks on Microsoft, Cisco, Samsung, Nvidia and Okta, among others, members also attacked Brazil’s Ministry of Health and “dozens of other bodies and entities of the Federal Government, including the Ministry of Economy, Comptroller General of the Union and the Federal Highway Police.”

While Operation Dark Cloud began in August, the group has been under investigation since December, when the cloud environment of the Ministry of Health was initially attacked.

“At the time, the attackers deleted files, data and instances from the attacked folder, even leading to the compromise of the website, responsible for the National Vaccination Certificate,” the Federal Police explained. 

“After the attack, when trying to access the Ministry of Health website (, users found a message stating that system data had been copied and deleted and was in the hands of the invading group.”

Police added that the group has attacked multiple companies in Brazil as well as others across the U.S. and Europe. 

The attacks on Brazilian institutions were the first for the group before it expanded to more high profile victims in Europe and the U.S. 

The group became notable for its erratic behavior, public boasts of its attacks and because several of its members appear to be teenagers. At least one teenager lives in Oxford, U.K. and was doxxed by other members, according to Bloomberg. 

U.K. law enforcement arrested seven people, ages ranging from 16 to 21, in March for alleged involvement in the Lapsus$ Group. A 17-year-old was arrested by U.K. police last month after cyberattacks on Uber and Rockstar Games

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.