Lapsus$

Lapsus$ uses a variety of attack vectors, including social engineering, MFA fatigue, SIM swapping,[6] and targeting suppliers.

[8] Lapsus$ gained notoriety for a series of cyberattacks against large tech companies, including Microsoft, Nvidia, and Samsung.

By Friday afternoon the message had been removed, but the website and user data in the "ConecteSUS" app, which provides Brazilians with COVID vaccination certificates, remained unavailable, causing disruption for travelers.

[13][14] Based on the final forensic report, Okta's Chief Security Officer David Bradbury said the attack only impacted two active customers.

[18] On 10 March 2022, gaming company Ubisoft confirmed that it had experienced a "cyber security incident", although user data had not been accessed.

A prominent member of Lapsus$ going by the pseudonym "White" unsuccessfully attempted to gain access to the T-Mobile accounts of the Federal Bureau of Investigation and the United States Department of Defense.

The following day, the group released a 37 GB zip file containing, among other things, "90% of the source code for the Bing search engine".

[28] On 25 December 2023, additional content obtained from the breach a year prior was reported to have been leaked, including game files for the planned follow-up to Bully, Python code to Grand Theft Auto VI, and the full source code to Grand Theft Auto V, which included hints about planned DLC content for the game.

[37][33] He was assessed by psychiatrists as unfit to stand trial,[34] but a 7-week court case proceeded until August 2023 and resulted in both the 17-year-old and the prominent member being convicted.

[11] On October 19, 2022, a Brazilian citizen believed to be a Lapsus$ member was arrested by the police in Feira de Santana, Bahia and subsequently accused of the attacks on the Brazil Ministry of Health and other cybercrimes after "Operation Dark Cloud".

The group's assumed modus operandi was based on obtaining access to a victim organisation's corporate network by acquiring credentials from privileged employees.

[7] Lapsus$ then used remote desktop or network access to obtain sensitive data, such as customer account details or source code.