Cybercrime Group

LAPSUS$

United Kingdom/Brazil • Active since 2021

LAPSUS$ was a group of teenage hackers who embarrassed some of the world's biggest tech companies. They hacked Microsoft, stole NVIDIA's code, and breached the company that makes login systems for thousands of businesses (Okta). They did it mostly through bribery and social engineering. Several were arrested, including a 16-year-old.

Overview

LAPSUS$ was a loosely organized group of young hackers, including teenagers, who gained notoriety in 2022 for breaching major technology companies. Using social engineering and insider recruitment, they compromised Microsoft, Okta, NVIDIA, Samsung, and others. Several members were arrested, including a 16-year-old UK resident.

Also Known As

LAPSUS, DEV-0537

Target Industries

Technology, Telecommunications, Gaming, Healthcare, Retail, Government

Target Regions

Global, United States, Brazil, United Kingdom

Tactics, Techniques & Procedures

  • Recruiting insiders through bribery
  • SIM swapping for MFA bypass
  • Social engineering of help desks
  • Exploiting trust in identity providers
  • Public data dumps on Telegram

Known Tools & Malware

Social engineering, SIM swapping, Insider recruitment and bribery, MFA bypass techniques, Telegram for communication

Notable Campaigns

Microsoft Breach (2022)

Stole source code for Bing, Cortana, and Azure DevOps.

Okta Breach (2022)

Compromised an Okta customer support engineer's account, affecting 366 Okta customers.

NVIDIA Breach (2022)

Stole 1TB of data including proprietary GPU designs and source code.

MITRE ATT&CK Techniques

T1656, T1586.002, T1598, T1078, T1199

Defense Recommendations

  1. Implement strict controls on third-party/contractor access
  2. Monitor for insider threat indicators and access anomalies
  3. Use hardware security keys instead of SMS-based MFA
  4. Audit and restrict access to sensitive source code
  5. Establish channels for employees to report recruitment attempts

Related Threat Actors

Scattered Spider, FIN7
