🇬🇧
LAPSUS
APT Group
8 zero-day CVEs
ETDA ✓
Also Known As 6 names
DEV-0537
LAPSUS$
Lapsus
SLIPPY SPIDER
Strawberry Tempest
UNC3661
Target Countries 13
Australia
Brazil
Germany
Spain
France
United Kingdom
India
Italy
Japan
Republic of Korea
Philippines
United States
Vietnam
Sectors Targeted
Pharmaceutical and Medicine Manufacturing - 32541
Public Administration - 92
Air Transportation - 481
Employment Placement Agencies and Executive Search Services - 56131
Promoters of Performing Arts, Sports, and Similar Events - 7113
Finance and Insurance - 52
Software Publishers - 51121
Motor Vehicle Manufacturing - 3361
Telecommunications - 517
Sporting Goods Stores - 45111
Computer Systems Design and Related Services - 54151
Internet Publishing and Broadcasting and Web Search Portals - 51913
Truck Transportation - 484
Performing Arts Companies - 7111
Spectator Sports - 7112
Computer Systems Design Services - 541512
Newspaper Publishers - 51111
Details
Origin - 🇬🇧 GB
Last Updated - 05 Jan 2026
Malware Families 1
zhmimikatz
MITRE ATT&CK 118
T1003 - OS Credential Dumping
T1003.003
T1003.006
T1005 - Data from Local System
T1007 - System Service Discovery
T1008 - Fallback Channels
T1011 - Exfiltration Over Other Network Medium
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1027 - Obfuscated Files or Information
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1047 - Windows Management Instrumentation
T1048 - Exfiltration Over Alternative Protocol
T1055 - Process Injection
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1060 - Registry Run Keys / Startup Folder
T1068
T1069
T1069.002
T1078
T1078.004
T1081 - Credentials in Files
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1085 - Rundll32
T1087 - Account Discovery
T1087.002
T1090
T1095 - Non-Application Layer Protocol
T1098
T1098.003
T1102 - Web Service
T1105 - Ingress Tool Transfer
T1111
T1112 - Modify Registry
T1113 - Screen Capture
T1114
T1114.001 - Local Email Collection
T1114.003
T1119 - Automated Collection
T1120 - Peripheral Device Discovery
T1124 - System Time Discovery
T1130 - Install Root Certificate
T1133
T1136
T1136.003
T1137 - Office Application Startup
T1140 - Deobfuscate/Decode Files or Information
T1170 - Mshta
T1199 - Trusted Relationship
T1204 - User Execution
T1204.002 - Malicious File
T1213
T1213.001
T1213.002
T1213.003
T1213.005
T1217 - Browser Bookmark Discovery
T1218 - Signed Binary Proxy Execution
T1485
T1486
T1489 - Service Stop
T1490
T1496 - Resource Hijacking
T1497 - Virtualization/Sandbox Evasion
T1497.003 - Time Based Evasion
T1498 - Network Denial of Service
T1503 - Credentials from Web Browsers
T1518 - Software Discovery
T1531
T1539 - Steal Web Session Cookie
T1546 - Event Triggered Execution
T1547 - Boot or Logon Autostart Execution
T1552 - Unsecured Credentials
T1552.008
T1553 - Subvert Trust Controls
T1555 - Credentials from Password Stores
T1555.003
T1555.005
T1560 - Archive Collected Data
T1562 - Impair Defenses
T1562.001 - Disable or Modify Tools
T1566 - Phishing
T1571 - Non-Standard Port
T1578
T1578.002
T1578.003
T1583
T1583.003
T1584
T1584.002
T1586
T1586.002
T1588
T1588.001
T1588.002
T1589
T1589.001
T1589.002
T1591
T1591.002
T1591.004
T1593
T1593.003
T1597
T1597.002
T1598
T1598.004
T1621
T1656
T1684
T1684.001