LAPSUS$ Speaks: Inside the Minds of the Notorious Cyber Group

In an exclusive interview with ‘חדשות סייבר - ארז דסה’, the notorious LAPSUS$ hacking collective offers a rare glimpse into their operations and motivations. Dispelling rumors of a partnership with ShinyHunters, LAPSUS$ claims the group has devolved into mere impersonators. They also addressed the TeamPCP supply chain attacks, noting that while the impact could have been far greater, they have since reorganized their internal infrastructure with TeamPCP to mitigate future risks. In this collaboration, which now reportedly involves Vect, TeamPCP handles technical execution and grants LAPSUS$ access for exploitation. LAPSUS$ stated, “Several targets have already been attacked, and more victims will be affected later.”

Regarding law enforcement pressure, including FBI investigations and arrests in the UK and Brazil, LAPSUS$ acknowledges that each incident impacts their operations, leading to past periods of inactivity. However, they assert their return, promising future actions will speak for themselves. On their controversial practice of openly recruiting insiders for high payments, the group claims to vet individuals rigorously, trusting only those who can prove their insider status, and dismisses concerns about law enforcement infiltration as a minor risk due to their closed nature.

The group highlighted Multi-Factor Authentication (MFA) bypass and SIM swapping as historically effective entry methods. However, they now lean more heavily on insider recruitment and voice phishing (vishing), leveraging intelligence from supply chain attacks to shift towards more technically driven access rather than solely social engineering. Looking ahead, LAPSUS$ plans to continue its trajectory of visibility, impact, and collaboration, particularly with TeamPCP, aiming to expose and extort companies. They believe only a fundamental shift in organizational mindset, which they deem unlikely, could halt their operations, citing money and enjoyment as their primary drivers.

What This Means For You

  • Organizations must recognize that sophisticated threat actors like LAPSUS$ are evolving their tactics beyond traditional social engineering, increasingly leveraging supply chain compromises and insider threats. Enhance defenses by rigorously vetting third-party software dependencies and strengthening insider threat programs through robust monitoring and access controls.