Lapsus

Threat Actor updated a month ago (2024-11-29T14:22:15.707Z)
Lapsus is a significant threat actor that has been active since early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach that year of Nvidia, an American multinational technology company; the attack leaked thousands of passwords and highlighted the group's capabilities. Lapsus also exploited vulnerabilities such as the Log4j vulnerability, creating ongoing challenges for defenders. The Cyber Safety Review Board (CSRB) under the Department of Homeland Security (DHS) has produced detailed reports on the group's activities, emphasizing its threat level. The group's tactics are notable for their effectiveness. In one instance it induced multi-factor authentication (MFA) fatigue in an employee by sending numerous MFA authentication notifications, leading to a security compromise. In another case, during the summer of 2022, Lapsus infiltrated a trillion-dollar company using a single compromised credential and gained access to source code. The group also used certificates from earlier leaks, such as the Nvidia breach, to sign kernel drivers, demonstrating a sophisticated understanding of system exploitation. Lapsus's operations suffered a significant setback when the courts intervened: identified as a substantial cybersecurity threat, the person known as Lapsus was confined to a secure hospital indefinitely because of concerns about a swift return to cybercrime. It is worth noting, however, that Lapsus is part of a broader network of threat actors, including APT 35, Corecode, Anonymous, Hive, Pakistani APTs, Russian APTs, Solitbit.ares, and Prynt Stealer, among others. These alliances indicate a global cooperative effort among threat actors, adding another layer of complexity to the cybersecurity landscape.
Description last updated: 2024-05-04T16:33:53.058Z
Aliases: We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Okta
Ransomware
Microsoft
Extortion
Police
Cybercrime
Samsung
Mitre
Credentials
Associated Malware
Lockbit (Malware)
The Lockbit Malware is associated with Lapsus. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers or
Association Type: Unspecified
Votes: 3
Associated Threat Actors
FIN7 (Threat Actor)
The FIN7 Threat Actor is associated with Lapsus. FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group, is a notorious cybercrime group that has been active since 2012. The group is recognized for its advanced combination of malware and social engineering tactics, having executed numerous successful attacks against global
Association Type: Unspecified
Votes: 2

Oktapus (Threat Actor)
The Oktapus Threat Actor is associated with Lapsus. Oktapus, a threat actor also known as Scattered Spider, Scatter Swine, and Muddled Libra, has been identified as a significant cybersecurity risk due to its sophisticated phishing campaigns. The group first gained notoriety in 2022 when it launched the Oktapus phishing campaign, targeting employees
Association Type: Unspecified
Votes: 2

APT28 (Threat Actor)
The APT28 Threat Actor is associated with Lapsus. APT28, also known as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM, is a threat actor linked to Russia. The group has been associated with cyber espionage campaigns across Central Asia and has historically targeted areas of national security, military operations, and geopolitical influ
Association Type: Unspecified
Votes: 2
Source Document References
Information about the Lapsus Threat Actor was read from the documents corpus below. This display is limited to 20 results.