chg: [threat-actor] added LAPSUS$/DEV-05737 Merge pull request #693 from danielplohmann/patch-15

adding threat actor group LAPSUS$ / DEV-0537.
2022-03-23 10:27:16 +01:00 · 2022-03-23 10:27:16 +01:00 · 8c2a9af8b8
parent 6f0208dcaf 24a3f16ab4
commit 8c2a9af8b8
1 changed files with 16 additions and 1 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -9036,7 +9036,22 @@
      },
      "uuid": "d45dd940-b38d-4b2c-9f2f-3e4a0eac841c",
      "value": "MosesStaff"
+    },
+    {
+      "description": "An actor group conducting large-scale social engineering and extortion campaign against multiple organizations with some seeing evidence of destructive elements.",
+      "meta": {
+        "refs": [
+          "https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/",
+          "https://blog.checkpoint.com/2022/03/07/lapsus-ransomware-gang-uses-stolen-source-code-to-disguise-malware-files-as-trustworthy-check-point-customers-remain-protected/"
+        ],
+        "synonyms": [
+          "LAPSUS$",
+          "DEV-0537"
+        ]
+      },
+      "uuid": "d9e5be22-1a04-4956-af6c-37af02330980",
+      "value": "LAPSUS"
    }
  ],
-  "version": 214
+  "version": 215
 }