{
	"id": "663cf49c-ddf3-4765-8758-4fbdd2169255",
	"created_at": "2026-04-06T15:53:02.825724Z",
	"updated_at": "2026-04-10T03:28:46.929241Z",
	"deleted_at": null,
	"sha1_hash": "0c0caa58ceab6cc7bf238edae610537b00ff1cb3",
	"title": "DHS Cyber Safety Board to review Lapsus$ gang\u0026rsquo;s hacking tactics",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1245938,
	"plain_text": "DHS Cyber Safety Board to review Lapsus$ gang\u0026rsquo;s hacking\r\ntactics\r\nBy Sergiu Gatlan\r\nPublished: 2022-12-02 · Archived: 2026-04-06 15:32:17 UTC\r\nThe Department of Homeland Security (DHS) Cyber Safety Review Board will review attacks linked to an extortion gang\r\nknown as Lapsus$, which breached multiple high-profile companies in recent incidents.\r\nThe Lapsus$ hacker group made the news earlier this year after hacking Microsoft, Nvidia, T-Mobile, Samsung, Uber,\r\nVodafone, Ubisoft, Okta, and e-commerce giant Mercado Libre.\r\nFollowing many incidents they were linked to, the extortion group also leaked proprietary data and source code stolen from\r\ntheir victims' networks, leading to massive data breaches and leaks.\r\nhttps://www.bleepingcomputer.com/news/security/dhs-cyber-safety-board-to-review-lapsus-gang-s-hacking-tactics/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/dhs-cyber-safety-board-to-review-lapsus-gang-s-hacking-tactics/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nAs announced on Friday, the goal behind CSRB's review of the gang's hacking activities is to provide advice on defending\r\nagainst Lapsus$ attacks.\r\n\"With its review into Lapsus$, the Board will build on the lessons learned from its first review and share actionable\r\nrecommendations to help the private and public sectors strengthen their cyber resilience,\" DHS Secretary Alejandro N.\r\nMayorkas said.\r\n\"As cyber threats continue to evolve, it is imperative that all organizations recognize that they are not invincible. The CSRB\r\nwill review the cyber activity of Lapsus$ in order to analyze their tactics and help organizations of all sizes protect\r\nthemselves,\" CSRB Deputy Chair Heather Adkins added.\r\nThe Cyber Safety Review Board is a public-private initiative composed out of 15 cybersecurity experts from private sector\r\norganizations and federal government entities.\r\nIt was established by President Biden via executive order in May 2021 to assess attacks leading to \"significant cyber\r\nincident,\" provide defense recommendations, and share any relevant confidential information with law enforcement.\r\nWhile the CSRB doesn't have enforcement authority or regulatory powers, it reports directly to the Secretary of Homeland\r\nSecurity and the President to ensure that relevant lessons are noted and its recommendations are implemented and addressed.\r\nSome Lapsus$ members arrested by law enforcement\r\nEarlier this year, the FBI said it's also looking into Lapsus$'s illegal activities and is seeking info regarding group members\r\ninvolved in the compromise of computer networks belonging to US-based organizations.\r\nSome suspected Lapsus$ members have already been arrested and charged for involvement in some of the gang's attacks by\r\nthe City of London Police, the U.K. Police, and the Brazilian Federal Police.\r\nMost of this group's members are believed to be teenagers driven not by financial motivation but by their aim of making a\r\nname for themselves on the hacking scene.\r\n\"Lapsus$ actors have perpetrated damaging intrusions against multiple critical infrastructure sectors, including healthcare,\r\ngovernment facilities, and critical manufacturing,\" CISA Director Jen Easterly said.\r\n\"The range of victims and diversity of tactics used demand that we understand how Lapsus$ actors executed their malicious\r\ncyber activities so we can mitigate risk to potential future victims. We applaud the CSRB for taking on this review to help\r\nadvance our collective cyber defense.\"\r\nhttps://www.bleepingcomputer.com/news/security/dhs-cyber-safety-board-to-review-lapsus-gang-s-hacking-tactics/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/dhs-cyber-safety-board-to-review-lapsus-gang-s-hacking-tactics/\r\nhttps://www.bleepingcomputer.com/news/security/dhs-cyber-safety-board-to-review-lapsus-gang-s-hacking-tactics/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/dhs-cyber-safety-board-to-review-lapsus-gang-s-hacking-tactics/"
	],
	"report_names": [
		"dhs-cyber-safety-board-to-review-lapsus-gang-s-hacking-tactics"
	],
	"threat_actors": [
		{
			"id": "be5097b2-a70f-490f-8c06-250773692fae",
			"created_at": "2022-10-27T08:27:13.22631Z",
			"updated_at": "2026-04-10T02:00:05.311385Z",
			"deleted_at": null,
			"main_name": "LAPSUS$",
			"aliases": [
				"LAPSUS$",
				"DEV-0537",
				"Strawberry Tempest"
			],
			"source_name": "MITRE:LAPSUS$",
			"tools": [
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "d4b9608d-af69-43bc-a08a-38167ac6306a",
			"created_at": "2023-01-06T13:46:39.335061Z",
			"updated_at": "2026-04-10T02:00:03.291149Z",
			"deleted_at": null,
			"main_name": "LAPSUS",
			"aliases": [
				"Lapsus",
				"LAPSUS$",
				"DEV-0537",
				"SLIPPY SPIDER",
				"Strawberry Tempest",
				"UNC3661"
			],
			"source_name": "MISPGALAXY:LAPSUS",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "2347282d-6b88-4fbe-b816-16b156c285ac",
			"created_at": "2024-06-19T02:03:08.099397Z",
			"updated_at": "2026-04-10T02:00:03.663831Z",
			"deleted_at": null,
			"main_name": "GOLD RAINFOREST",
			"aliases": [
				"Lapsus$",
				"Slippy Spider ",
				"Strawberry Tempest "
			],
			"source_name": "Secureworks:GOLD RAINFOREST",
			"tools": [
				"Mimikatz"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "52d5d8b3-ab13-4fc4-8d5f-068f788e4f2b",
			"created_at": "2022-10-25T16:07:24.503878Z",
			"updated_at": "2026-04-10T02:00:05.014316Z",
			"deleted_at": null,
			"main_name": "Lapsus$",
			"aliases": [
				"DEV-0537",
				"G1004",
				"Slippy Spider",
				"Strawberry Tempest"
			],
			"source_name": "ETDA:Lapsus$",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775490782,
	"ts_updated_at": 1775791726,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0c0caa58ceab6cc7bf238edae610537b00ff1cb3.pdf",
		"text": "https://archive.orkl.eu/0c0caa58ceab6cc7bf238edae610537b00ff1cb3.txt",
		"img": "https://archive.orkl.eu/0c0caa58ceab6cc7bf238edae610537b00ff1cb3.jpg"
	}
}