Lapsus$
Lapsus$, stylised as LAPSUS$ and classified by Microsoft as Strawberry Tempest, was an international extortion-focused hacker group known for its various cyberattacks against companies and government agencies. The group was globally active, and has had members arrested in Brazil and the UK.
Formation | 2021 |
---|---|
Type | Cybercrime gang |
Headquarters | Unknown |
Region | International |
Methods | Spearphishing, SIM swapping, recruitment of accomplices via social media, extortion, hacking |
Membership | 7 (March 2022 estimate) |
Official language | English |
Affiliations | Unknown |
City of London Police described the composition of the group, at least two of whose members were teenagers. Lapsus$ used a variety of attack vectors, including social engineering, MFA fatigue, SIM swapping, and targeting suppliers. Once the group had gained the credentials of a privileged employee within the target organisation, it attempted to obtain sensitive data through a variety of means, including remote desktop tools. Attempts at extortion followed. The group used the messaging app Telegram for communications to the public, including recruitment and posting sensitive data from its victims, although that usage has diminished.
The first major cyberattack attributed to Lapsus$ was against the Brazilian Health Ministry's computer systems in December 2021. In March 2022, Lapsus$ gained notoriety for a series of cyberattacks against large tech companies, including Microsoft, Nvidia, and Samsung. Following these attacks, the City of London Police announced that it had made seven arrests in connection with a police investigation into Lapsus$. Although the group had been considered inactive by April 2022, it is believed to have re-emerged in September 2022 with a series of data breaches against various large companies, including Uber and Rockstar Games, through a similar attack vector. Further arrests followed, by City of London Police and by Brazilian police. The group appears to have become inactive after September 2022, with members perhaps dispersing to other groups and two British members convicted.