APT / THREAT GROUP
LAPSUS
7
aliases
Last seen:Mar 17, 2026
Intelligence Profile
An actor group conducting large-scale social engineering and extortion campaign against multiple organizations with some seeing evidence of destructive elements.
Threat Analysis
LAPSUS is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning LAPSUS
18th May – Threat Intelligence Report
Check Point Research· May 18, 2026
Grafana Confirms Breach After Hackers Claim They Stole Data
SecurityWeek· May 18, 2026
Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data
BleepingComputer· Apr 28, 2026
Mercor Hit by LiteLLM Supply Chain Attack
SecurityWeek· Apr 2, 2026
Mercor confirms security incident tied to LiteLLM supply chain attack
The Record· Apr 1, 2026
TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets
Infosecurity Magazine· Mar 31, 2026
From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
SecurityWeek· Mar 25, 2026
Extortion Group Claims It Hacked AstraZeneca
SecurityWeek· Mar 24, 2026
External References
Quick Facts
TypeAPT / Threat Group
Aliases7
SourceMalpedia
Also Known As
LAPSUS$SLIPPY SPIDERLapsusLAPSUSDEV-0537Strawberry TempestUNC3661
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.