LAPSUS$

Techniques (MITRE ATT&CK)43

SourceMITRE ATT&CK

Also known as:DEV-0537Strawberry Tempest

Vexday analysis

LAPSUS$, também rastreado como DEV-0537 e Strawberry Tempest, é um grupo de ameaça ativo pelo menos desde meados de 2021, especializado em engenharia social em larga escala e operações de extorsão, incluindo ataques destrutivos conduzidos sem o uso de ransomware. O grupo tem como alvo organizações em diversos setores globalmente, entre eles governo, manufatura, educação superior, energia, saúde, tecnologia, telecomunicações e mídia. Ao grupo são atribuídas 43 técnicas documentadas no MITRE ATT\&CK, uma CVE conhecida e uma vítima identificada no Brasil.

Techniques (MITRE ATT&CK) 43

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Reconnaissance

Gather Victim Identity Information Credentials Email Addresses Business Relationships Identify Roles Code Repositories Purchase Technical Data Spearphishing Voice

Resource development

Virtual Private Server DNS Server Email Accounts Malware Tool

Initial access

Trusted Relationship

Execution

User Execution

Persistence

Additional Cloud Roles External Remote Services Cloud Account

Privilege escalation

Exploitation for Privilege Escalation

Credential access

NTDS DCSync Multi-Factor Authentication Interception Chat Messages Credentials from Web Browsers Password Managers Multi-Factor Authentication Request Generation

Discovery

Domain Groups Domain Account

Collection

Data from Local System Email Forwarding Rule Confluence Sharepoint Code Repositories Messaging Applications

Command and control

Proxy

Impact

Data Destruction Service Stop Account Access Removal

defense-impairment

Create Cloud Instance Delete Cloud Instance

stealth

Valid Accounts Cloud Accounts Impersonation

Exploited vulnerabilities 1

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2019-3610MEDIUMEPSS 0%

LAPSUS$ uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →