Cybersecurity researchers believe they may have found the hacker behind the recent “Lapsus$” cyberattacks on companies including Microsoft and Nvidia — and their suspect is a 16-year old boy living in England.

Bloomberg reports that cybersecurity researchers that have been investigating a number of recent cyberattacks on tech companies like Microsoft and Nvidia perpetrated by a group calling itself “Lapsus$” believe they have traced the attacks back to a 16-year-old boy living with his mother in Oxford, England.

Researchers investigating the hacking group Lapsus$ say they believe that the teenager is behind the attacks. Lapsus$ has confused many cybersecurity experts as the motivation of the hackers seemed to be random, with no primary aim. The researchers believe that the group is most likely motivated simply by money and notoriety.

Microsoft CEO Satya Nadella

The teenager that is under suspicion by the researchers has yet to be conclusively tied to all of the hacks that Lapsus$ has claimed responsibility for. The researchers used forensic evidence from the hacks and publicly available information to link the teenager to the group.

Bloomberg is not naming the teenager due to his status as a minor, but he goes by the online alias “White” and “breachbase.” The teenager has also not yet been publicly accused by law enforcement of illegal activity.

Researchers suspect another member of the hacking group to be a teenager from Brazil. One investigator said that security researchers have identified seven unique accounts linked with Lapsus$, indicating that others are likely involved in the hacks.

Lapsus$ has made a point of publicly embarrassing its hacking victims, leaking their source code and internal documents. Lapsus$ has even joined Zoom calls of companies they’ve breached where they taunted employees attempting to fix the hack.

The group reportedly has poor operational security, according to researchers. Microsoft designated the group with the name DEV-0537, and commented in a blog post: “Unlike most activity groups that stay under the radar, DEV-0537 doesn’t seem to cover its tracks. They go as far as announcing their attacks on social media or advertising their intent to buy credentials from employees of target organizations. DEV-0537 started targeting organizations in the United Kingdom and South America but expanded to global targets, including organizations in government, technology, telecom, media, retail and health-care sectors.”

Read more at Bloomberg here.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address lucasnolan@protonmail.com