← All Threat Actors
Threat Actor Profile

LAPSUS

DEV-0537 G1004 Lapsus LAPSUS$ SLIPPY SPIDER Strawberry Tempest UNC3661
▲ High Threat
An actor group conducting large-scale social engineering and extortion campaign against multiple organizations with some seeing evidence of destructive elements.
Origin

Known TTPs

Gather Victim Identity Information
Data from Local System
Domain Groups
Confluence
Tool
Data Destruction
Code Repositories
Sharepoint
Virtual Private Server
Identify Roles
Proxy
Domain Account
External Remote Services
Valid Accounts
Malware
Spearphishing Voice
User Execution
Chat Messages
Service Stop
Code Repositories
Cloud Account
Email Forwarding Rule
Business Relationships
Delete Cloud Instance
Credentials from Web Browsers
Account Access Removal
Credentials
Exploitation for Privilege Escalation
Multi-Factor Authentication Request Generation
Additional Cloud Roles
DCSync
Email Accounts
Messaging Applications
Email Addresses
DNS Server
Impersonation
NTDS
Password Managers
Trusted Relationship
Purchase Technical Data
Create Cloud Instance
Cloud Accounts
Multi-Factor Authentication Interception

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD