TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets
TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ and Vect ransomware gangs
Coverage of incidents reportedly linked to LAPSUS$, with analysis of infrastructure and disruption, security impact, and defensive guidance.
Search across headline titles and summaries.
Background for this topic.
LAPSUS$ is a name used in public reporting for an intrusion set associated with several high-profile compromises, particularly during 2021–2022. Investigations and victim disclosures linked the activity to social engineering, stolen credentials, account takeover—including reported abuse of help-desk or telecom recovery processes—and theft or attempted extortion of data and source code. Attribution, membership, and the relationship between individual incidents remain subject to change, so reports should be assessed for the evidence supporting each linkage.
Its security significance is the demonstrated exposure of identity and support workflows rather than reliance on a single malware family. Defenders should prioritize phishing-resistant multifactor authentication for privileged users, tightly control password resets and number-porting requests, limit administrator access, and monitor unusual identity-provider, cloud, and repository activity. After a suspected compromise, revoke sessions and tokens, rotate credentials and exposed secrets, preserve authentication and support-desk logs, and determine what data or code was accessed. These steps also help distinguish confirmed intrusion facts from claims made during extortion or incomplete early reporting.
Weekly headline count for the current query.
TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ and Vect ransomware gangs
New phishing domains point to a campaign from the notorious Scattered Lapsus$ Hunters collective
Scattered Spider, ShinyHunters and LAPSUS$ have formed an enhanced coordinated threat network for extortion efforts
Scattered Lapsus$ Hunters may be preparing to launch an extortion-as-a-service model, according to Palo Alto Networks
The infamous BreachForums site has been taken offline again to disrupt Scattered Lapsus$ Hunters
JLR said it is investigating following claims by the actor “Scattered Lapsus$ Hunters” that it had stolen data from the firm and had issued an extortion demand
Arion Kurtaj was deemed not fit to stand trial
The CSRB proposed ten concrete recommendations for both governmental bodies and industries
Noose tightens around notorious cybercrime group
Individual may be linked to Lapsus$ group
The threat actor ‘teapotuberhacker’ could be linked to the Lapsus$ hacking group
Threat actor bombarded Uber contractor with 2FA requests