Lapsus

Threat Actor Profile Updated 13 days ago
Lapsus is a significant threat actor that has been active since early 2022. The group gained notoriety for its cyberattacks, including a high-profile 2022 breach of Nvidia, an American multinational technology company, which led to the leak of thousands of passwords and demonstrated the group's capabilities. Lapsus has also exploited vulnerabilities such as the Log4j vulnerability, creating ongoing challenges for cybersecurity. The Cyber Safety Review Board (CSRB) under the Department of Homeland Security (DHS) has produced detailed reports on the group's activities, emphasizing its threat level.

The group's tactics are notable for their effectiveness. In one instance it induced multi-factor authentication (MFA) fatigue in an employee by sending numerous MFA authentication notifications, leading to a security compromise. In another case, during the summer of 2022, Lapsus infiltrated a trillion-dollar company using a single compromised credential and gained access to source code. The group also used certificates from earlier leaks, such as the Nvidia breach, to sign kernel drivers, demonstrating a sophisticated understanding of system exploitation.

Lapsus's operations suffered a significant setback when the courts intervened: identified as a substantial cybersecurity threat, the person known as Lapsus was confined to a secure hospital indefinitely because of concerns about a swift return to cybercrime operations. However, Lapsus is part of a broader network of threat actors, including APT 35, Corecode, Anonymous, Hive, Pakistani APTs, Russian APTs, Solitbit.ares, and Prynt Stealer, among others. These alliances indicate a global cooperative effort among threat actors, adding another layer of complexity to the cybersecurity landscape.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
No overlapping profiles are listed.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Okta
Ransomware
Microsoft
Police
Cybercrime
Samsung
Mitre
Extortion
Associated Malware
ID: Lockbit | Type: Unspecified | Votes: 3
Profile Description: LockBit is a malicious software (malware) that has been implicated in several high-profile cyber attacks. It infiltrates systems through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom. Recently, the L
Associated Threat Actors
ID: FIN7 | Type: Unspecified | Votes: 2
Profile Description: FIN7, a cyber threat actor active since 2013, has been involved in numerous high-profile attacks, demonstrating a sophisticated understanding of cyber operations and a broad range of malicious capabilities. In November 2022, Sentinel Labs researchers linked FIN7 to the Black Basta ransomware gang, i

ID: APT28 | Type: Unspecified | Votes: 2
Profile Description: APT28, also known as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM, is a threat actor group linked to Russia that has been active since at least 2007. This group has targeted governments, militaries, and security organizations worldwide. Recently, APT28 has been identified a
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Lapsus threat actor was read from the document corpus listed below. This display is limited to 20 results.
Source | Created | Title
CERT-EU | 4 months ago | The DHS Cyber Safety Review Board's Inaugural Reports
CERT-EU | 5 months ago | GTA 6 Hacker: Life in Secure Hospital for Cybercrime Intent
CERT-EU | 9 months ago | Transatlantic Cable podcast, episode 314
CERT-EU | a year ago | Law enforcement crackdowns and new techniques are forcing cybercriminals to pivot
CERT-EU | a year ago | Businesses and passwords are a security marriage needing help
CISA | a year ago | #StopRansomware: Cuba Ransomware | CISA
CrowdStrike | a year ago | Cloud Security Incident Response Guidance | CrowdStrike
Recorded Future | a year ago | Xiaoqiying/Genesis Day Threat Actor Group Targets South Korea, Taiwan | Recorded Future
CERT-EU | 7 months ago | FBI LEEP Data Sale Sparks Concerns Over National Security