Threat actor · all actors
LAPSUS$G1004 unknown
aka LAPSUS$, DEV-0537, Strawberry Tempest
Last updated: 2026-07-03
0attributed CVEs
62ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
—years active
About this actor
[LAPSUS$](https://attack.mitre.org/groups/G1004) is cyber criminal threat group that has been active since at least mid-2021. [LAPSUS$](https://attack.mitre.org/groups/G1004) specializes in large-scale social engineering and extortion operations, including destructive attacks without the use of ransomware. The group has targeted organizations globally, including in the government, manufacturing, higher education, energy, healthcare, technology, telecommunications, and media sectors.(Citation: BBC LAPSUS Apr 2022)(Citation: MSTIC DEV-0537 Mar 2022)(Citation: UNIT 42 LAPSUS Mar 2022)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | |||||
T1003T1003.003T1003.006T1005T1068T1069T1069.002T1078T1078.004T1087T1087.002T1090T1098T1098.003T1111T1114T1114.003T1133T1136T1136.003T1199T1204T1213T1213.001T1213.002T1213.003T1213.005T1485T1489T1531T1552T1552.008T1555T1555.003T1555.005T1578T1578.002T1578.003T1583T1583.003T1584T1584.002T1586T1586.002T1588T1588.001T1588.002T1589T1589.001T1589.002T1591T1591.002T1591.004T1593T1593.003T1597T1597.002T1598T1598.004T1621T1684T1684.001
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
SI-4 | 33 / 62 | 53% |
AC-3 | 27 / 62 | 44% |
CM-6 | 27 / 62 | 44% |
AC-6 | 26 / 62 | 42% |
AC-2 | 24 / 62 | 39% |
IA-2 | 24 / 62 | 39% |
AC-4 | 20 / 62 | 32% |
CM-2 | 20 / 62 | 32% |
CM-5 | 19 / 62 | 31% |
CM-7 | 19 / 62 | 31% |
AC-5 | 18 / 62 | 29% |
CA-7 | 18 / 62 | 29% |
SI-7 | 16 / 62 | 26% |
IA-5 | 15 / 62 | 24% |
SC-7 | 14 / 62 | 23% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- Scattered Spider 0.32
- C0027 0.28
- HAFNIUM 0.19
- VOID MANTICORE 0.18
- Sandworm Team 0.18