Lapsus

Threat Actor updated 4 months ago (2024-05-04T18:52:49.858Z)
Lapsus (usually written Lapsus$) is a threat actor whose intrusions were first reported in late 2021 and became widely known in early 2022, the year of its high-profile breach of Nvidia, an American multinational technology company. That attack leaked thousands of employee credentials together with proprietary source code and code-signing certificates, and established the group's capabilities. The Cyber Safety Review Board (CSRB) under the Department of Homeland Security (DHS) covered the group in its inaugural round of reports; the other report in that round dealt with the Log4j vulnerability, which is a separate matter and is not an exploit attributed to Lapsus.

The group's tradecraft is notable less for novelty than for effectiveness: it relies on social engineering and stolen credentials rather than on software vulnerabilities. In one instance it wore down an employee with multi-factor authentication (MFA) fatigue, sending repeated MFA push notifications until one was approved, and used the resulting session to compromise the target. In another case in 2022, Lapsus entered a trillion-dollar company with a single compromised credential and gained access to source code. The code-signing certificates leaked in the Nvidia breach were subsequently used to sign malicious kernel drivers, so one data leak extended the harm well beyond the original victim.

Law enforcement has since disrupted the group's operations. The member known in the press as the GTA 6 hacker was judged to be an ongoing cybersecurity threat and was ordered to be held in a secure hospital indefinitely, because of concerns that he would quickly return to cybercrime if released.

The corpus also associates Lapsus with a long list of other names, including APT 35, Corecode, Anonymous, Hive, Pakistani APTs, Russian APTs, Solitbit.ares, and Prynt Stealer. These are co-occurrence associations drawn from the source documents, not evidence of alliances or coordinated operations; treat the list as a retrieval artifact rather than an intelligence finding unless a specific source says otherwise.
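The MFA fatigue pattern described above leaves a clear trace in identity-provider logs: a burst of denied or unanswered push prompts for one account, followed by an approval. The following is an added example, not code from this page, from the CSRB report, or from any vendor: a Python detector that flags an approved push preceded by a threshold number of non-approved pushes for the same user within a sliding window. The JSON log format, field names, event names, window and threshold are assumptions for illustration; map your own IdP's schema (Okta, Entra ID, Duo and others all differ) in parse_event. The sample log lines are constructed.

```python
"""Detect MFA push fatigue ("push bombing") in authentication logs.

Added example with a constructed log format. Assumed schema: one JSON object
per line with ts (ISO 8601, UTC), user, event and src_ip, where event is one of
mfa_push_denied, mfa_push_timeout or mfa_push_approved. Real IdP exports differ;
adapt parse_event to yours.
"""
from __future__ import annotations

import json
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Iterable, Optional

WINDOW = timedelta(minutes=10)   # assumed: how far back to look before an approval
THRESHOLD = 5                    # assumed: non-approved pushes that make an approval suspicious
NON_APPROVED = {"mfa_push_denied", "mfa_push_timeout"}

# Constructed sample: alice is bombed with six prompts and finally approves,
# bob approves a single legitimate prompt, carol denies once then approves,
# and one malformed line must be skipped rather than crash the detector.
SAMPLE_LOG = """\
{"ts":"2024-05-04T02:00:05Z","user":"alice","event":"mfa_push_denied","src_ip":"203.0.113.7"}
{"ts":"2024-05-04T02:00:40Z","user":"alice","event":"mfa_push_denied","src_ip":"203.0.113.7"}
{"ts":"2024-05-04T02:01:20Z","user":"alice","event":"mfa_push_timeout","src_ip":"203.0.113.7"}
{"ts":"2024-05-04T02:02:10Z","user":"alice","event":"mfa_push_denied","src_ip":"203.0.113.7"}
{"ts":"2024-05-04T02:03:00Z","user":"alice","event":"mfa_push_timeout","src_ip":"203.0.113.7"}
{"ts":"2024-05-04T02:03:45Z","user":"bob","event":"mfa_push_approved","src_ip":"198.51.100.20"}
{"ts":"2024-05-04T02:04:30Z","user":"alice","event":"mfa_push_denied","src_ip":"203.0.113.7"}
{"ts":"2024-05-04T02:05:15Z","user":"alice","event":"mfa_push_approved","src_ip":"203.0.113.7"}
{"ts":"2024-05-04T09:00:00Z","user":"carol","event":"mfa_push_denied","src_ip":"198.51.100.33"}
{"ts":"2024-05-04T09:00:30Z","user":"carol","event":"mfa_push_approved","src_ip":"198.51.100.33"}
this line is not JSON and must be ignored
"""


def parse_event(line: str) -> Optional[dict]:
    """Parse one log line into {ts, user, event, src_ip}; None if unusable."""
    try:
        rec = json.loads(line)
        ts = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        return {"ts": ts, "user": rec["user"], "event": rec["event"],
                "src_ip": rec.get("src_ip", "")}
    except (ValueError, KeyError, TypeError):
        return None


def detect_push_fatigue(lines: Iterable[str], window: timedelta = WINDOW,
                        threshold: int = THRESHOLD) -> list[dict]:
    """Return one alert per approval preceded by >= threshold non-approved
    pushes for the same user inside `window`. Lines are assumed time-ordered."""
    recent: dict[str, deque] = defaultdict(deque)  # user -> (ts, src_ip) of unapproved pushes
    alerts: list[dict] = []
    for ev in map(parse_event, lines):
        if ev is None:
            continue
        q = recent[ev["user"]]
        # Slide the window: drop pushes older than `window` relative to this event.
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        if ev["event"] in NON_APPROVED:
            q.append((ev["ts"], ev["src_ip"]))
        elif ev["event"] == "mfa_push_approved":
            if len(q) >= threshold:
                alerts.append({
                    "user": ev["user"],
                    "prior_pushes": len(q),
                    "first_push": q[0][0].isoformat(),
                    "approved_at": ev["ts"].isoformat(),
                    "src_ips": sorted({ip for _, ip in q} | {ev["src_ip"]}),
                })
            q.clear()  # an approval ends the episode either way
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the constructed sample this yields exactly one alert, for alice, with six prior pushes from 203.0.113.7. The detector only sees the failure mode after the fact; the preventive controls are to cap the number of push prompts an account can receive per interval and to require number matching or a phishing-resistant factor (FIDO2/WebAuthn), so that a worn-down user cannot approve a prompt they did not initiate.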
Description last updated: 2024-05-04T16:33:53.058Z
Aliases: none currently tracked
Miscellaneous Associations (other elements of context that could aid in the identification of relevance):
- Okta
- Ransomware
- Microsoft
- Extortion
- Police
- Cybercrime
- Samsung
- Mitre
- Credentials
Associated Malware
ID | Type | Votes | Profile Description
LockBit | Unspecified | 3 | LockBit is a malicious software, or malware, that has been notably active and damaging in the cyber world. Known for its ability to infiltrate systems often without detection, it can steal personal information, disrupt operations, and even hold data hostage for ransom. In the first half of 2024, Loc
Associated Threat Actors
ID | Type | Votes | Profile Description
FIN7 | Unspecified | 2 | FIN7, a prominent threat actor in the cybercrime landscape, has been noted for its malicious activities and innovative tactics. Known for their relentless attacks on large corporations, FIN7 recently targeted a significant U.S. carmaker with phishing attacks, demonstrating their continued evolution
APT28 | Unspecified | 2 | APT28, also known as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM, is a threat actor linked to Russia that has been active since at least 2007. The group has targeted governments, militaries, and security organizations worldwide, including the German Social Democratic Party
Source Document References
Information about the Lapsus Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created | Title
CERT-EU | 8 months ago | The DHS Cyber Safety Review Board's Inaugural Reports
CERT-EU | 8 months ago | GTA 6 Hacker: Life in Secure Hospital for Cybercrime Intent
CERT-EU | a year ago | FBI LEEP Data Sale Sparks Concerns Over National Security
CISA | 2 years ago | #StopRansomware: Cuba Ransomware | CISA
CERT-EU | a year ago | Businesses and passwords are a security marriage needing help
CrowdStrike | a year ago | Cloud Security Incident Response Guidance | CrowdStrike
CERT-EU | a year ago | Transatlantic Cable podcast, episode 314
Recorded Future | a year ago | Xiaoqiying/Genesis Day Threat Actor Group Targets South Korea, Taiwan | Recorded Future
CERT-EU | a year ago | Law enforcement crackdowns and new techniques are forcing cybercriminals to pivot