Lapsus

Threat Actor updated 7 months ago (2024-05-04T18:52:49.858Z)
Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. That attack led to the leak of thousands of passwords and highlighted the group's capabilities. Lapsus also exploited vulnerabilities such as the Log4j vulnerability, creating ongoing challenges for cybersecurity. The Cyber Safety Review Board (CSRB) under the Department of Homeland Security (DHS) has produced detailed reports on the group's activities, emphasizing its threat level.

The group's tactics are notable for their effectiveness. In one instance, Lapsus induced multi-factor authentication (MFA) fatigue in an employee by sending numerous MFA notifications, which led to a security compromise. In another case, during the summer of 2022, Lapsus infiltrated a trillion-dollar company using a single compromised credential and gained access to source code. The group also used certificates from previous leaks, such as the Nvidia breach, to sign kernel drivers, demonstrating a sophisticated understanding of system exploitation.

Despite these activities, Lapsus's operations faced a significant setback when the courts intervened. Identified as a substantial cybersecurity threat, the person known as Lapsus was confined to a secure hospital indefinitely because of concerns about a swift return to cybercrime. It is worth noting, however, that Lapsus is part of a broader network of threat actors, including APT 35, Corecode, Anonymous, Hive, Pakistani APTs, Russian APTs, Solitbit.ares, and Prynt Stealer, among others. These alliances indicate a global cooperative effort among threat actors, adding another layer of complexity to the cybersecurity landscape.
Description last updated: 2024-05-04T16:33:53.058Z
Aliases: none currently tracked
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Okta
Ransomware
Microsoft
Extortion
Police
Cybercrime
Samsung
Mitre
Credentials
Analyst Notes & Discussion
Associated Malware
Alias: LockBit (malware)
Association type: Unspecified
Votes: 3
Description: The Lockbit Malware is associated with Lapsus. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit
Associated Threat Actors
Alias: FIN7 (threat actor)
Association type: Unspecified
Votes: 2
Description: The FIN7 Threat Actor is associated with Lapsus. FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group, is a notorious cybercrime group that has been active since 2012. The group is recognized for its advanced combination of malware and social engineering tactics, having executed numerous successful attacks against global

Alias: APT28 (threat actor)
Association type: Unspecified
Votes: 2
Description: The APT28 Threat Actor is associated with Lapsus. APT28, also known as Fancy Bear and Unit 26165 of the Russian Main Intelligence Directorate, is a threat actor linked to Russia with a history of cyber-espionage activities. The group has been involved in several high-profile attacks, including the hacking of the Democratic National Committee (DNC)
Source Document References
Information about the Lapsus Threat Actor was read from the documents corpus below.