{
	"id": "d9ff58db-990c-4065-a977-8ec800ab8f76",
	"created_at": "2026-04-06T00:16:04.500552Z",
	"updated_at": "2026-04-10T03:28:46.829045Z",
	"deleted_at": null,
	"sha1_hash": "d677fed602c05b27818c83fe6d0efaea8cf42ffa",
	"title": "Brazil arrests suspect believed to be a Lapsus$ gang member",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2610716,
	"plain_text": "Brazil arrests suspect believed to be a Lapsus$ gang member\r\nBy Sergiu Gatlan\r\nPublished: 2022-10-19 · Archived: 2026-04-05 12:57:21 UTC\r\nToday, the Brazilian Federal Police arrested a Brazilian suspect in Feira de Santana, Bahia, believed to be part of the\r\nLapsus$ extortion gang.\r\nThe suspect was detained following an investigation started in December 2021 after last year's breach of the Brazilian\r\nMinistry of Health.\r\nDuring the incident, the attackers deleted files and defaced the Ministry of Health website to display a message where the\r\nLapsus$ hacking group claimed the attack and said it had stolen data from the ministry's network.\r\nhttps://www.bleepingcomputer.com/news/security/brazil-arrests-suspect-believed-to-be-a-lapsus-gang-member/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/brazil-arrests-suspect-believed-to-be-a-lapsus-gang-member/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nThe investigations that led to the arrest are a result of Operation Dark Cloud, launched in August and aiming to collect\r\ninformation on the activity of a possible criminal organization behind multiple cyberattacks targeting Brazilian government\r\nagencies since the end of last year.\r\nBesides the Ministry of Health, the group also targeted dozens of other Brazilian Federal Government bodies and entities,\r\nincluding the Ministry of Economy, the Comptroller General of the Union, and the Federal Highway Police.\r\n\"The crimes determined in the police investigation are those of criminal organization, invasion of a computer device,\r\ninterruption or disturbance of telegraphic, radiotelegraphic or telephone service, preventing or hindering its restoration,\" the\r\nBrazilian Federal Police said (automated translation).\r\n\"It was also found the practice of corruption of minors, a crime provided for in the Statute of Children and Adolescents, and\r\nmoney laundering, according to Law No. 9,613/1998.\"\r\nLapsus$ member arrests\r\nThe City of London Police also arrested seven individuals from the UK in late March under suspicions that they were\r\nconnected with the Lapsus$ gang.\r\nTwo of them were charged on April 2nd with helping the Lapsus$ extortion gang. They were both released on bail after\r\nappearing in the Highbury Corner Magistrates Court.\r\nLast month, UK Police also detained a 17-year-old teen believed to be behind the Uber hack, attributed to the Lapsus$\r\nextortion group.\r\nThe Lapsus$ gang has made the news this year after attacking high-profile tech companies worldwide, including Microsoft,\r\nNvidia, Samsung, Ubisoft, Okta, telecom company Vodafone, and e-commerce giant Mercado.\r\nIn many cases, the extortion group also leaked closed source code and proprietary data stolen from their victims, leading to\r\nmassive data leaks.\r\nMost Lapsus$ members are believed to be teenagers driven not by financial motivation but mainly by their goal of making a\r\nname on the hacking scene.\r\nThe FBI is also looking into Lapsus$'s illegal activities and seeking info concerning those group members who were\r\ninvolved in the compromise of computer networks belonging to US-based companies.\r\n\"These unidentified individuals took credit for both the theft and dissemination of proprietary data that they claim to have\r\nillegally obtained,\" the US law enforcement agency says. \"The FBI is seeking information regarding the identities of the\r\nindividuals responsible for these cyber intrusions.\"\r\nAlthough it's still unclear how many active members the gang still has, it is believed that Lapsus$ has affiliates worldwide\r\nand, based on Telegram chats seemingly suggesting, they speak multiple languages, including English, Russian, Turkish,\r\nGerman, and Portuguese.\r\nhttps://www.bleepingcomputer.com/news/security/brazil-arrests-suspect-believed-to-be-a-lapsus-gang-member/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/brazil-arrests-suspect-believed-to-be-a-lapsus-gang-member/\r\nhttps://www.bleepingcomputer.com/news/security/brazil-arrests-suspect-believed-to-be-a-lapsus-gang-member/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/brazil-arrests-suspect-believed-to-be-a-lapsus-gang-member/"
	],
	"report_names": [
		"brazil-arrests-suspect-believed-to-be-a-lapsus-gang-member"
	],
	"threat_actors": [
		{
			"id": "be5097b2-a70f-490f-8c06-250773692fae",
			"created_at": "2022-10-27T08:27:13.22631Z",
			"updated_at": "2026-04-10T02:00:05.311385Z",
			"deleted_at": null,
			"main_name": "LAPSUS$",
			"aliases": [
				"LAPSUS$",
				"DEV-0537",
				"Strawberry Tempest"
			],
			"source_name": "MITRE:LAPSUS$",
			"tools": [
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "d4b9608d-af69-43bc-a08a-38167ac6306a",
			"created_at": "2023-01-06T13:46:39.335061Z",
			"updated_at": "2026-04-10T02:00:03.291149Z",
			"deleted_at": null,
			"main_name": "LAPSUS",
			"aliases": [
				"Lapsus",
				"LAPSUS$",
				"DEV-0537",
				"SLIPPY SPIDER",
				"Strawberry Tempest",
				"UNC3661"
			],
			"source_name": "MISPGALAXY:LAPSUS",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "2347282d-6b88-4fbe-b816-16b156c285ac",
			"created_at": "2024-06-19T02:03:08.099397Z",
			"updated_at": "2026-04-10T02:00:03.663831Z",
			"deleted_at": null,
			"main_name": "GOLD RAINFOREST",
			"aliases": [
				"Lapsus$",
				"Slippy Spider ",
				"Strawberry Tempest "
			],
			"source_name": "Secureworks:GOLD RAINFOREST",
			"tools": [
				"Mimikatz"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "52d5d8b3-ab13-4fc4-8d5f-068f788e4f2b",
			"created_at": "2022-10-25T16:07:24.503878Z",
			"updated_at": "2026-04-10T02:00:05.014316Z",
			"deleted_at": null,
			"main_name": "Lapsus$",
			"aliases": [
				"DEV-0537",
				"G1004",
				"Slippy Spider",
				"Strawberry Tempest"
			],
			"source_name": "ETDA:Lapsus$",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434564,
	"ts_updated_at": 1775791726,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d677fed602c05b27818c83fe6d0efaea8cf42ffa.pdf",
		"text": "https://archive.orkl.eu/d677fed602c05b27818c83fe6d0efaea8cf42ffa.txt",
		"img": "https://archive.orkl.eu/d677fed602c05b27818c83fe6d0efaea8cf42ffa.jpg"
	}
}