Krebs on Security cites Flashpoint research.
“LAPSUS$ currently does not operate a clearnet or darknet leak site or traditional social media accounts—it operates solely via Telegram and email.”
Krebs on Security cites Flashpoint research detailing LAPSUS$’s insider recruitment and social engineering tactics.
Who is the LAPSUS$ data extortion group?
LAPSUS$ is a data extortion group that targets large organizations by stealing internal data and threatening public leaks rather than deploying ransomware.
How does LAPSUS$ gain access to victim organizations?
The group relies heavily on social engineering, insider recruitment, SIM swapping, and abuse of help desk and supply chain relationships.
How does Flashpoint research track LAPSUS$ activity?
Flashpoint research analyzes Telegram communications, victim targeting patterns, and access methods to assess how LAPSUS$ operates and evolves. Learn more in Flashpoint’s analysis of the group.
Subscribe to our weekly threat intelligence newsletter
Interested to see top news from Flashpoint hit your inbox directly? Subscribe to our newsletter to receive curated content on a bi-weekly basis.