Cyber Resilience

Threat actor · all actors

LAPSUS$G1004 unknown

aka LAPSUS$, DEV-0537, Strawberry Tempest

Last updated: 2026-07-03

0attributed CVEs
62ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[LAPSUS$](https://attack.mitre.org/groups/G1004) is cyber criminal threat group that has been active since at least mid-2021. [LAPSUS$](https://attack.mitre.org/groups/G1004) specializes in large-scale social engineering and extortion operations, including destructive attacks without the use of ransomware. The group has targeted organizations globally, including in the government, manufacturing, higher education, energy, healthcare, technology, telecommunications, and media sectors.(Citation: BBC LAPSUS Apr 2022)(Citation: MSTIC DEV-0537 Mar 2022)(Citation: UNIT 42 LAPSUS Mar 2022)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-433 / 6253%
AC-327 / 6244%
CM-627 / 6244%
AC-626 / 6242%
AC-224 / 6239%
IA-224 / 6239%
AC-420 / 6232%
CM-220 / 6232%
CM-519 / 6231%
CM-719 / 6231%
AC-518 / 6229%
CA-718 / 6229%
SI-716 / 6226%
IA-515 / 6224%
SC-714 / 6223%

Co-occurring actors

None.

Similar actors

Similar TTPs