lapsus$
Ransomware group profile
Description
Lapsus$ is a financially motivated cybercrime group that emerged in late 2021, known for employing unconventional data extortion tactics. The group leverages social engineering, SIM swapping, and insider recruitment to gain access to sensitive information from high-profile organizations across various sectors.
Key insights
- •Employs social engineering techniques, including phishing and bribery, to gain initial access.
- •Targets major technology, telecommunications, and gaming companies globally.
- •Utilizes legitimate tools for credential theft instead of deploying custom malware.
- •Publicly threatens victims with data leaks via Telegram to extort ransom.
- •Operates a recruitment program for insiders to facilitate access to internal networks.
- •Often causes disruptions by deleting systems and resources in compromised environments.
Threat Level & Status Breakdown
For lapsus$ · Based on incidents in selected period
Status Breakdown
Recent activity
Monthly attack count for lapsus$ in the selected period
Intelligence
IOCs, YARA/Sigma rules, and related families for lapsus$
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for lapsus$
T1078
T1078
T1056
T1056
T1486
T1486
T1490
T1490
T1562
T1562
T1021
T1021
T1021.001
T1021.001
T1003
T1003
T1203
T1203
T1080
T1080
T1557
T1557
Victims(72)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| INGKA GROUP | ingka.com | SE Sweden | Retail & E-Commerce | Claimed | 8 days ago | |
| GITHUB INTERNAL | github.com | US United States | Technology | Data Leaked | 8 days ago | |
| VODAFONE | — | DE Germany | Technology | Unknown | 22 days ago | |
| AXCERA TRADING | — | US United States | Professional Services | Unknown | about 1 month ago | |
| CHECKMARX.COM | checkmarx.com | US United States | Technology | Claimed | about 1 month ago | |
| MAPFRE ASSURANCE | — | ES Spain | Financial Services | Data Leaked | 21 days ago | |
| CHECKMARX | — | US United States | Technology | Claimed | about 2 months ago | |
| AXCERA.IO | axcera.io | AE United Arab Emirates | Technology | Claimed | 3 months ago | |
| UNIV LILLE | — | FR France | Education | Claimed | 3 months ago | |
| ASTRAZENECA CORP | — | GB United Kingdom | Healthcare | Claimed | 3 months ago | |
| VirtaHealth | — | US United States | Healthcare | Claimed | 3 months ago | |
| MERCOR | — | US United States | Professional Services | Data Leaked | 21 days ago | |
| FR MINISTRY AGRI | — | FR France | Government & Defense | Unknown | 4 months ago | |
| ADIDAS EXTRANET | — | — | Retail & E-Commerce | Unknown | 4 months ago | |
| Eiffage | eiffage.com | FR France | Other | Unknown | 4 months ago | |
| OSAC Aero | osac.aero | FR France | Manufacturing | Unknown | 4 months ago | |
| Salesfloor | salesfloor.com | CA Canada | Technology | Unknown | 4 months ago | |
| Adidas | adidas.de | DE Germany | Retail & E-Commerce | Unknown | 4 months ago | |
| Loozap | loozap.com | CH Switzerland | Retail & E-Commerce | Unknown | 4 months ago | |
| Lacoste | lacoste.com | FR France | Retail & E-Commerce | Unknown | 4 months ago |
Page 1 of 4
Affected countries(58)
Countries where this group has been reported to target or leak victims.