LAPSUS$
LAPSUS$, DEV-0537, Strawberry Tempest
[LAPSUS$](https://attack.mitre.org/groups/G1004) is a cyber criminal threat group that has been active since at least mid-2021. [LAPSUS$](https://attack.mitre.org/groups/G1004) specializes in large-scale social engineering and extortion operations, including destructive attacks without the use of ransomware. The group has targeted organizations globally, including in the government, manufacturing, higher education, energy, healthcare, technology, telecommunications, and media sectors.(Citation: BBC LAPSUS Apr 2022)(Citation: MSTIC DEV-0537 Mar 2022)(Citation: UNIT 42 LAPSUS Mar 2022)
Techniques: 44
Covered: 34
Gaps: 10
Coverage: 77% (34/44)
COVERED (34)

| Technique | Name | Detections |
| --- | --- | --- |
| T1003.003 | NTDS | 36 |
| T1003.006 | DCSync | 16 |
| T1005 | Data from Local System | 47 |
| T1068 | Exploitation for Privilege Escalation | 99 |
| T1069.002 | Domain Groups | 44 |
| T1078 | Valid Accounts | 280 |
| T1078.004 | Cloud Accounts | 167 |
| T1087.002 | Domain Account | 57 |
| T1090 | Proxy | 46 |
| T1098.003 | Additional Cloud Roles | 53 |
| T1111 | Multi-Factor Authentication Interception | 1 |
| T1114.003 | Email Forwarding Rule | 15 |
| T1133 | External Remote Services | 72 |
| T1136.003 | Cloud Account | 33 |
| T1199 | Trusted Relationship | 6 |
| T1204 | User Execution | 85 |
| T1213.002 | Sharepoint | 4 |
| T1213.003 | Code Repositories | 9 |
| T1485 | Data Destruction | 91 |
| T1489 | Service Stop | 57 |
| T1531 | Account Access Removal | 27 |
| T1555.003 | Credentials from Web Browsers | 16 |
| T1555.005 | Password Managers | 4 |
| T1578.002 | Create Cloud Instance | 4 |
| T1578.003 | Delete Cloud Instance | 1 |
| T1588.001 | Malware | 2 |
| T1588.002 | Tool | 13 |
| T1589 | Gather Victim Identity Information | 1 |
| T1589.001 | Credentials | 2 |
| T1589.002 | Email Addresses | 2 |
| T1591.004 | Identify Roles | 2 |
| T1593.003 | Code Repositories | 2 |
| T1621 | Multi-Factor Authentication Request Generation | 23 |
| T1656 | Impersonation | 184 |