Lapsus$ Analysis Finds Need for Better IAM, MFA Deployments

An in-depth analysis of the activities and capabilities of the Lapsus$ hacking and extortion group found that its members mainly used well-known tactics and techniques in its operations and took advantage of known weaknesses in enterprise networks and the procedures of technology providers in order to gain access to targets and steal sensitive data.

Over the course of about two years, Lapsus$ members infiltrated a number of high-profile targets, including Microsoft, Nvidia, and Okta, often using some combination of social …

access analysis capabilities enterprise enterprise networks extortion extortion group found hacking iam mfa networks operations order procedures tactics techniques technology weaknesses well-known