From 24a3f16ab483d9d889b9759d72fa6099a8af1388 Mon Sep 17 00:00:00 2001 From: Daniel Plohmann Date: Wed, 23 Mar 2022 09:47:10 +0100 Subject: [PATCH] adding threat actor group LAPSUS$ / DEV-0537. --- clusters/threat-actor.json | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 5d75f00f..4815b455 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -9036,7 +9036,22 @@ }, "uuid": "d45dd940-b38d-4b2c-9f2f-3e4a0eac841c", "value": "MosesStaff" + }, + { + "description": "An actor group conducting large-scale social engineering and extortion campaign against multiple organizations with some seeing evidence of destructive elements.", + "meta": { + "refs": [ + "https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/", + "https://blog.checkpoint.com/2022/03/07/lapsus-ransomware-gang-uses-stolen-source-code-to-disguise-malware-files-as-trustworthy-check-point-customers-remain-protected/" + ], + "synonyms": [ + "LAPSUS$", + "DEV-0537" + ] + }, + "uuid": "d9e5be22-1a04-4956-af6c-37af02330980", + "value": "LAPSUS" } ], - "version": 214 + "version": 215 }