LAPSUS$ exposes cyber gaps in organisations

The LAPSUS$ group, widely reported to consist of teenagers, exploded onto the cyber scene late last year and has become one of the most talked-about and notorious online extortion groups after successfully breaching major companies like Microsoft, Samsung, Ubisoft and Okta.

A deep dive into the operations of the LAPSUS$ group by Claire Tills, Senior Research Engineer at Tenable, reveals that the group’s tactics, while brazen, illogical and unsophisticated, were still successful in disrupting major international technology companies. This is a sobering reminder that no organisation is truly safe from cyberattacks: organisations large and small are fair game.

Unlike ransomware operators, the LAPSUS$ group represents a growing breed of extortion-only cybercriminals. It focuses exclusively on data theft and extortion, gaining access to victims through tried-and-true methods like phishing and stealing the most sensitive data it can find without deploying data-encrypting malware. The group jumped into the limelight when it launched an attack against Nvidia in late February. With this breach, LAPSUS$ made its debut on the global stage and started a brief tear through major technology companies.

Unlike other threat groups, LAPSUS$ solely operates through a private Telegram group and doesn’t manage a dark web leak site. It’s through Telegram that the group announces victims, often soliciting input from the broader community on which organisation’s data to release next. Compared with the polished, standardised sites of ransomware groups (like AvosLocker, LockBit 2.0, Conti etc.), these practices come off as disorganised and immature.

With a string of high-profile targets lying in its wake, the LAPSUS$ group gained notoriety for its unconventional tactics and erratic methods. Early attacks featured distributed denial of service (DDoS) and website vandalism. But, as early as January 21, the LAPSUS$ group was already engaged in the multi-stage breach that eventually led to the incident at Okta. Throughout that maturation process, the LAPSUS$ group heavily leaned on classic tactics like purchasing credential dumps, social engineering help desks and spamming multifactor authentication (MFA) prompts to achieve initial access to target organisations.

“Just like ransomware, extortion attacks aren’t going anywhere until they are made too complicated or costly to conduct,” said Claire Tills, Senior Research Engineer, Tenable. “Organisations should evaluate what defences they have in place against the tactics used, how they can be hardened and whether their response playbooks effectively account for these incidents. While it may feel easy to downplay the threat groups like LAPSUS$, their disruption of major international technology companies reminds us that even unsophisticated tactics can have a serious impact.”

Media contact 

Rebecca Morpeth Spayne, 

Editor, Security Portfolio 

Tel: +44 (0) 1622 823 922

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.
