G1004

LAPSUSLAPSUS

Also known as: LAPSUS$ · DEV-0537 · SLIPPY SPIDER · Strawberry Tempest · UNC3661 · Lapsus

Known aliases
6

Profile

LAPSUS is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as LAPSUS$, DEV-0537, SLIPPY SPIDER (and 3 more). Original record: An actor group conducting large-scale social engineering and extortion campaign against multiple organizations with some seeing evidence of destructive elements.

Aliases· 6

LAPSUS$DEV-0537SLIPPY SPIDERStrawberry TempestUNC3661Lapsus

MITRE ATT&CK Group crosswalk

G1004

References

  1. https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/
  2. https://blog.checkpoint.com/2022/03/07/lapsus-ransomware-gang-uses-stolen-source-code-to-disguise-malware-files-as-trustworthy-check-point-customers-remain-protected/
  3. https://www.crowdstrike.com/adversaries/slippy-spider/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Group
LAPSUS$
Actor
Scattered Spider
Actor
Lazarus Group
Actor
Void Rabisu
Actor
Earth Lamia
Actor
RASPITE
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.