Security news aggregator

Latest coverage for Lapsus

Coverage of incidents reported as linked to Lapsus, including attribution analysis, infrastructure, disruption efforts, and defensive guidance.

14 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Lapsus$ is a threat actor or intrusion set associated in public reporting with high-profile compromises, theft of corporate data and source code, and extortion through threats to disclose stolen information. Attribution can be difficult because the name may encompass activity by multiple individuals, so reporting should distinguish confirmed facts from claims made by the group or by investigators.

The material security concern is the exposure of identity and support processes: reported incidents have involved social engineering, compromised employee accounts, and access to cloud or development environments. Defenders should enforce phishing-resistant multifactor authentication where possible, tightly control help-desk account recovery, monitor unusual sign-ins and session use, and limit access to repositories and sensitive stores. If an intrusion is suspected, promptly preserve authentication and cloud logs, revoke sessions, rotate credentials and tokens, determine what data was accessed or removed, and assess privacy and notification obligations.

Volume over time

Weekly headline count for the current query.

Showing 14 most recent headlines Filtered view
Bank Info Security 1 month, 4 weeks ago

GitHub Hacked, Internal Repositories Offered for Sale

A Single Developer Downloaded a Poisoned VS Code Extension, and Now LookGitHub warned late Tuesday that hackers stole roughly 3,800 internal repositories from the Microsoft-owned platform after a developer used a poisoned VS Code script, which is developed by Microsoft. TeamPCP and Lapsus$ appear to be cooperating to sell the stolen data for $95,000.

Bank Info Security 6 months, 1 week ago

Deception Tech Snares Shiny Hunter Attacker's IP Address

Targeted Threat Intel Firm Shares Details With Police After Honeypot HitGetting owned by deception technology isn't good news for one's criminal brand or ability to remain at large. Just ask the band of young hackers behind "Scattered Lapsus$ Shiny Hunters," when one of their ilk fell into a security firm's honeytrap, revealing his actual IP address in the process.

Bank Info Security 7 months, 2 weeks ago

Scattered Lapsus$ Hunters Tied to Targeting of Zendesk Users

Uncovered: Typosquatted Domains Linked to Suspected Ransomware Group CampaignContinuing its targeting of customer data, the cybercrime group Scattered Lapsus$ Hunters appears to be gearing up for large-scale attacks involving typosquatted domains that lead to phishing domains designed to steal Zendesk users' valid credentials, warn security researchers.

Bank Info Security 7 months, 3 weeks ago

Salesforce Details Supply Chain Attack Targeting Gainsight

Cybercrime Group ShinyHunters Claims to Steal Data From 300 OrganizationsThe attack that targeted customer data management tool Gainsight resulted in the theft of information from approximately 300 Salesforce-using firms, the Scattered Lapsus$ Hunters subgroup ShinyHunters has claimed. Salesforce and Gainsight have shared more details as their investigation continues.

Bank Info Security 8 months, 4 weeks ago

Madman Theory Spurs Crazy Scattered Lapsus$ Hunters Playbook

Chaos Theory and Ransomware's Love Child Serves Up Nonstop UnpredictabilityAll is not quiet on the ransomware front. Long the province of Russian criminals, numerous ransomware campaigns now trace to reckless Western teenagers operating under the banner of Scattered Lapsus$ Hunters who wield not just technical and trickster chops, but also a chaos and unpredictability.

Also: Continued Turmoil at CISA, MSSP Level Blue's Acquisition of CybereasonIn this week's panel, four ISMG editors discussed the FBI's takedown of Scattered Lapsus$ Hunters, turmoil inside CISA amid the U.S. federal government shutdown and how LevelBlue's acquisition of Cybereason signals big shifts in the XDR and MDR markets.

Chaos Theory and Ransomware's Love Child Serves Up Nonstop UnpredictabilityAll is not quiet on the ransomware front. Long the province of Russian criminals, numerous ransomware campaigns now trace to reckless Western teenagers operating under the banner of Scattered Lapsus$ Hunters who wield not just technical and trickster chops, but also a chaos and unpredictability.

Chaos Theory and Ransomware's Love Child Serves Up Nonstop UnpredictabilityAll is not quiet on the ransomware front. Long the province of Russian criminals, numerous ransomware campaigns now trace to reckless Western teenagers operating under the banner of Scattered Lapsus$ Spider who wield not just technical and trickster chops, but also a chaos and unpredictability.

Criminals Claim Leak of Customer Data From Six Victims, Including Qantas AirlinesA ransomware group that's been extorting Salesforce customers leaked some stolen data, following the FBI disrupting its shakedown sites. ShinyHunters, part of the rebranded Scattered Lapsus$ Hunters group, after leaking data from six victims, declared its Salesforce customer shakedown over.

Bank Info Security 9 months, 2 weeks ago

Ransomware Group Debuts Salesforce Customer Data Leak Site

Scattered Lapsus$ Hunters Claims 1 Billion Stolen Records, Pressures Victims to PayContinuing its ongoing extortion of Salesforce customers, the Scattered Lapsus$ Hunters ransomware operation has launched a data leak site, claiming to have stolen 1 billion records from hundreds of organizations that integrated Salesforce with the Salesloft Drift AI chatbot.

Recent, Targeted Attacks Suggest Undercut Group's Claimed 'Going Dark' RetirementElements of the notorious ransomware collective lately calling itself Scattered Lapsus$ Hunters appear to be targeting fresh victims, including a U.S. banking organization if not the sector at large, despite a member of the group claiming it would be "going dark" and retiring.

Bank Info Security 10 months, 1 week ago

Breach Roundup: Scattered Lapsus$ Hunters Behind Jaguar Hack

Also, Disney Pays $10M to Settle Child Privacy Case, Spain Scraps Huawei DealThis week, Jaguar hack, Disney settled a child privacy case, Texas sued PowerSchool and federal prosecutors sued a toy maker. Spain voided a Huawei contract, Pennsylvania AG confirmed a ransomware attack. U.S. immigration enforcement resumed a spyware contract and Baltimore lost $1.5 million to BEC.