LAPSUS$
LAPSUS$ is cyber criminal threat group that has been active since at least mid-2021. LAPSUS$ specializes in large-scale social engineering and extortion operations, including destructive attacks without the use of ransomware. The group has targeted organizations globally, including in the government, manufacturing, higher education, energy, healthcare, technology, telecommunications, and media sectors.
Attribution signal
?Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.≥ 10 High≥ 3 Moderate< 3 Low1.5
Low signal strength
Mentions3
Sources2
High conf.1
Last seenMay 2026
First observed
2022-06-09
Last active
—
Origin
United Kingdom / Brazil (international criminal group, members arrested 2022)
Aliases
3
Techniques
43
Campaigns
0
United Kingdom / Brazil (international criminal group, members arrested 2022)
Attribution signals
3 mentions · 2 sources#1successfully compromisedhigh
VictimologyTTP match
eset
May 2026
"In 2022, the LAPSUS$ group successfully compromised several big-name organizations including Samsung, Okta and Microsoft after targeting help desk staff."
#2claimed bymoderate
Unspecified
checkpoint
May 2026
"a source code leak claimed by the Lapsus$ extortion group"
#3unspecified
TTP matchVictimology
wiz-research
May 2026
Hedge terms observed
claimed bysuccessfully compromised