Lapsus$

Status: Active

Lapsus$ is an internationally composed data extortion group most active from mid-2021 through 2022, executing high-profile breaches against Microsoft, Nvidia, Samsung, Okta, and Uber by stealing source code and threatening leaks rather than encrypting files; several members — predominantly teenagers — were arrested in the UK.

Group Statistics
  • Victims: 19
  • First discovered victim: 2021-12-10
  • Last discovered victim: 2026-05-10
  • Inactive since: 9 days
  • Avg delay: 8.2 days
  • Infostealer: 53.3% (victims with domain)
  • Countries hit: 10
  • Attack velocity (last 12 months): stable vs last month

Known Locations (3)
  • FQDN: lapsus.cz
    Title: Origin DNS error | lapsus.cz | Cloudflare
    Available: No
    Last Visit: 2026-04-28T07:24:28
  • FQDN: lapsus.by
    Title: LAPSUS$ | DATA REPOSITORY
    Available: Yes
    Last Visit: 2026-05-19T16:37:01
    Server Info: ddos-guard
  • FQDN: mwojud552brg7rl3obqjvv2funhwpg6acdsuuoeytq7365kmaeoi4gqd.onion
    Title: Directory listing for /
    Available: Yes
    Last Visit: 2026-05-19T16:37:52
    Server Info: SimpleHTTP 0.6 Python 3.12.3

Target
Top 5 Activity Sectors
  • Technology: 5
  • Consumer Services: 3
  • Business Services: 2
  • Healthcare: 2
  • Education: 2
Top 5 Countries
  • United States: 6
  • France: 5
  • United Kingdom: 1
  • Canada: 1
  • Germany: 1

Tools Used
This information is provided by Ransomware-Tool-Matrix.
Categories: Discovery, RMM Tools, Defense Evasion, Credential Theft, OffSec, Networking, LOLBAS, Exfiltration
  • ADExplorer
  • AnyDesk
  • Mimikatz
  • NTDS Utility (ntdsutil)

YARA Rules (1)

Indicators of Compromise (IoCs) (1)
  • Hash SHA256: bdcb86e57332cc0b98c9f86456c4d014f6cf9ff96c21287af25046dc9dff8fa5

Victims (19)
  • Discovered: 2026-05-10 (9d ago)
    Trading Algorithms, Client Portfolios, KYC Data & Financial Logs…
  • Discovered: 2026-04-25 (23d ago)  ·  Attack est.: 2026-04-24
    Source Code, Employee DB, API Keys, MongoDB/MySQL Creds…
  • Discovered: 2026-04-05 (1mo ago)  ·  Attack est.: 2026-03-22
    Source Code + Infrastructure Configs…
  • Discovered: 2026-04-05 (1mo ago)  ·  Attack est.: 2026-03-25
    Source Code, Employee DB, API Keys, MongoDB/MySQL Creds…
  • Discovered: 2026-04-05 (1mo ago)  ·  Attack est.: 2026-03-29
    Healthcare research…
  • Discovered: 2026-03-01 (2mo ago)
    [AI generated] Eiffage S.A. is a French publicly-listed company established in 1993, specializing in…
  • Discovered: 2026-03-01 (2mo ago)
    [AI generated] "OSAC Aero" is a Spanish aeronautical engineering company. They provide aeronautical …
  • Discovered: 2026-03-01 (2mo ago)
    [AI generated] Salesfloor is a software company that provides a mobile platform designed to connect …
  • Discovered: 2026-03-01 (2mo ago)
    [AI generated] Adidas is a renowned German multinational corporation that specializes in sports appa…
  • Discovered: 2026-03-01 (2mo ago)
    [AI generated] Loozap is an online marketplace that provides a platform for users to buy and sell se…
  • Discovered: 2026-03-01 (2mo ago)
    [AI generated] Lacoste is a high-end French clothing company founded in 1933 by tennis player René L…
  • Discovered: 2026-03-01 (2mo ago)
    [AI generated] DreamUp is an American company that provides space-based educational opportunities to…
  • Discovered: 2026-03-01 (2mo ago)
    [AI generated] Lille University, also known as University of Lille, is a well-recognized public univ…
  • Discovered: 2026-03-01 (2mo ago)
    [AI generated] The FR Ministry of Agriculture, or the French Ministry of Agriculture, is a governmen…
  • Discovered: 2026-03-01 (2mo ago)
    [AI generated] Eni Energy is an Italian multinational oil and gas company headquartered in Rome. Fou…
  • Discovered: 2022-03-07 (4y ago)
    No description available
  • Discovered: 2022-02-25 (4y ago)
    No description available
  • Discovered: 2022-01-01 (4y ago)
    No description available
  • Discovered: 2021-12-10 (4y ago)
    No description available