{"id":45749,"date":"2022-03-17T03:58:20","date_gmt":"2022-03-17T03:58:20","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\/"},"modified":"2022-03-17T03:58:20","modified_gmt":"2022-03-17T03:58:20","slug":"devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\/","title":{"rendered":"Devil-may-care Lapsus$ gang is not the aspirational brand infosec needs"},"content":{"rendered":"<p><span data-label=\"analysis\">Analysis<\/span> The Lapsus$ cyber-crime gang, believed to be based in Brazil, until recently was best known for attacks on that country&#8217;s Ministry of Health and Portuguese media outlets SIC Noticias and Expresso.<\/p>\n<p>However, the gang is climbing up the ladder, swinging at larger targets in the tech industry. Over the past few weeks, those have included Nvidia, Samsung, and Argentine online marketplace operator Mercado Libre. Now, Lapsus$ is suspected of attacking game developer Ubisoft.<\/p>\n<p>Lapsus$ in February <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2022\/02\/26\/nvidia_security_breach\/\" rel=\"noopener\">compromised Nvidia<\/a>, stealing a terabyte of data that included proprietary information and employee credentials, and dumping some of the data online. The crew also demanded the GPU giant remove limits on crypto-coin mining from its graphics cards, and open-source its drivers.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YjLarqsCoN9LctxEoYR8vwAAANc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YjLarqsCoN9LctxEoYR8vwAAANc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Days later, the group broke into Samsung, hoping to unlock the secrets of its TrustZone secure environment, and eventually <a href=\"https:\/\/www.theregister.com\/2022\/03\/07\/samsung_lapsus_data_theft\/\">leaked almost 200GB of data<\/a>, including algorithms related to its biometric technologies, source code for bootloaders, activation servers, and authentication for Samsung accounts, and source code given to chip-designing partner Qualcomm.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YjLarqsCoN9LctxEoYR8vwAAANc&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YjLarqsCoN9LctxEoYR8vwAAANc&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YjLarqsCoN9LctxEoYR8vwAAANc&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YjLarqsCoN9LctxEoYR8vwAAANc&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>Ubisoft, whose games include Assassin&#8217;s Creed, Prince of Persia and Watch Dogs, last week <a href=\"https:\/\/news.ubisoft.com\/en-gb\/article\/3tSsBh25mhHhlbGSy1xbRw\/ubisoft-cyber-security-incident-update\" rel=\"nofollow\">said<\/a> in a brief statement it had &#8220;experienced a cyber security incident that caused temporary disruption to some of our games, systems, and services. Our IT teams are working with leading external experts to investigate the issue.&#8221;<\/p>\n<p>The development house added that all of its games and services were operating as normal despite the attack. The online criminals have <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.theverge.com\/2022\/3\/11\/22972768\/ubisoft-cyber-security-incident-hack\">reportedly<\/a> claimed the disruption was their work.<\/p>\n<h3 class=\"crosshead\"> <span>Growing pains<\/span><br \/>\n<\/h3>\n<p>The attacks on Nvidia, Samsung, and seemingly Ubisoft represent a sharp upward turn in terms of the size of Lapsus$&#8217;s targets.<\/p>\n<p>Cybersecurity experts describe a still-maturing cybercriminal group that is testing its capabilities with a range of different attack methods \u2013 from data extortion to ransomware \u2013 and may be taking advantage of Russia&#8217;s invasion of Ukraine, which is distracting and diverting malware pushers and cybersecurity vendors alike.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YjLarqsCoN9LctxEoYR8vwAAANc&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YjLarqsCoN9LctxEoYR8vwAAANc&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;Based on their public behavior and communication observed from the group, it is believed that they are a completely new group and not simply a rebranded threat group,&#8221; Tyler Croak, principal strategist at cybersecurity vendor Lookout, told <em>The Register<\/em>.<\/p>\n<p>&#8220;While the group seems to be mostly financially motivated, there are signs of additional motivations.&nbsp;For example, their early attacks had a heavier focus on data extortion and payment, but in their Nvidia attack we saw a demand for the organization to make their IP open source. This strays into hacktivist territory.&#8221;<\/p>\n<p>The fact that they are using multi-faceted extortion tactics in their ransomware campaigns &#8220;shows that the group is not entirely aligned and is still maturing, but they are showing signs of evolving into a formidable threat group,&#8221; Croak said. &#8220;They are beginning to take advantage of multiple avenues to try to infiltrate and persist within an organization.&#8221;<\/p>\n<p>That included issuing a statement recently offering money to employees at large corporations for their remote-access credentials, to signing malware with stolen certificates to get around security software, the experts said.&nbsp;<\/p>\n<p>&#8220;We have a group here that is flexing their muscles to build &#8216;street cred,&#8217; has been profitable with ransoms, and seem to be untouchable at the moment,&#8221; Richard Fleeman, vice president at security advisory services provider Coalfire, told <em>The Register<\/em>.<\/p>\n<h3 class=\"crosshead\"> <span>Russian invasion blowback<\/span><br \/>\n<\/h3>\n<p>Casey Ellis, founder and CTO at crowdsourced cybersecurity firm Bugcrowd, said threat groups tend to keep their effort focused on primarily goals, enabling them to scale while minimizing their own attack surface. However, &#8220;judging by the access and exfiltration they&#8217;ve achieved, Lapsus$ is technically proficient, and their organizational structure \u2013 or general &#8216;devil may care&#8217; \u2013 approach sees them attacking a wide variety of targets for a wide variety of stated reasons,&#8221; Ellis said.<\/p>\n<p>Why the crooks are ramping up their attacks so quickly is still unclear. Ellis noted that the tech industry itself is highly technology-dependent, giving skilled attackers a broad array of options for exploitation and for ransomware and data exfiltration.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YjLarqsCoN9LctxEoYR8vwAAANc&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YjLarqsCoN9LctxEoYR8vwAAANc&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Others point to global attention being paid to Russia&#8217;s war on Ukraine. &#8220;Lapsus$&#8217;s behavior suggests a less mature organization than others we&#8217;ve seen, but the risks to their targets are just as real,&#8221; Casey Bisson, head of product and developer relations at cybersecurity firm BluBracket, told <em>The Register<\/em>.<\/p>\n<blockquote class=\"pullquote\" readability=\"5\">\n<p>They&#8217;re becoming an aspirational example to new potential actors around the world<\/p>\n<\/blockquote>\n<p>&#8220;With the usual cybercrime suspects focused on the war in Ukraine and related targets, there&#8217;s room for less professional actors to step forward. In doing so, they&#8217;re becoming an aspirational example to new potential actors around the world.&#8221;<\/p>\n<p>&#8220;Part of me wonders if they saw an opening created by &#8216;air cover&#8217; of those conflicts in cyber-defense,&#8221; Ellis said. &#8220;Chaos creates an opportunity to create \u2013 and potentially get away with \u2013 more chaos.&#8221;<\/p>\n<p>However, while Lapsus$ is showing itself to be a threat to major corporations, going after such high-profile targets puts itself into the spotlight. Ellis pointed to the government pressure put on the REvil ransomware group that led to the <a href=\"https:\/\/www.theregister.com\/2022\/01\/14\/russia_revil_ransomware_gang_charged\/\">arrest<\/a> of its members by Russian authorities this year, and an offensive cyber weapon used by the United States that knocked the group offline in 2021.<\/p>\n<p>The size and number of Lapsus$&#8217;s targets are increasing, expanding the risk that they&#8217;ll be discovered and taken down.<\/p>\n<p>&#8220;As we saw with the REvil group, if you poke a big enough bear, you can elicit a fairly devastating government and law enforcement response,&#8221; Ellis said.<\/p>\n<p>BluBracket&#8217;s Bisson said Lapsus$ with its growing ambitions and capabilities is the latest example of how it often takes time for law enforcement to catch up with what miscreants are doing.<\/p>\n<p>&#8220;Ninety years ago, Bonnie Parker and Clyde Barrow figured out how to weaponize the automobile against banks, and the legal system \u2013 constrained by state lines \u2013 was unprepared to deal with the mobile threat,&#8221; he said.<\/p>\n<p>&#8220;Today, threat actors pursuing a broad mix of goals can attack enterprises and individuals [that are] continents away, and our legal system is similarly unprepared to deal with it. Lapsus$ shows us that we&#8217;re now facing a larger, even more distributed number of actors pursuing a broader mix of goals.&#8221; \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2022\/03\/17\/lapsus-larger-companies\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hitting big targets, untouchable, technically proficient. Who will it inspire next? Analysis\u00a0 The Lapsus$ cyber-crime gang, believed to be based in Brazil, until recently was best known for attacks on that country&#8217;s Ministry of Health and Portuguese media outlets SIC Noticias and Expresso.\u2026  READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-45749","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Devil-may-care Lapsus$ gang is not the aspirational brand infosec needs 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Devil-may-care Lapsus$ gang is not the aspirational brand infosec needs 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-03-17T03:58:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YjLarqsCoN9LctxEoYR8vwAAANc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Devil-may-care Lapsus$ gang is not the aspirational brand infosec needs\",\"datePublished\":\"2022-03-17T03:58:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\\\/\"},\"wordCount\":1036,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YjLarqsCoN9LctxEoYR8vwAAANc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\\\/\",\"name\":\"Devil-may-care Lapsus$ gang is not the aspirational brand infosec needs 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YjLarqsCoN9LctxEoYR8vwAAANc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2022-03-17T03:58:20+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YjLarqsCoN9LctxEoYR8vwAAANc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YjLarqsCoN9LctxEoYR8vwAAANc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Devil-may-care Lapsus$ gang is not the aspirational brand infosec needs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Devil-may-care Lapsus$ gang is not the aspirational brand infosec needs 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\/","og_locale":"en_US","og_type":"article","og_title":"Devil-may-care Lapsus$ gang is not the aspirational brand infosec needs 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-03-17T03:58:20+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YjLarqsCoN9LctxEoYR8vwAAANc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Devil-may-care Lapsus$ gang is not the aspirational brand infosec needs","datePublished":"2022-03-17T03:58:20+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\/"},"wordCount":1036,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YjLarqsCoN9LctxEoYR8vwAAANc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\/","url":"https:\/\/www.threatshub.org\/blog\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\/","name":"Devil-may-care Lapsus$ gang is not the aspirational brand infosec needs 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YjLarqsCoN9LctxEoYR8vwAAANc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2022-03-17T03:58:20+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YjLarqsCoN9LctxEoYR8vwAAANc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YjLarqsCoN9LctxEoYR8vwAAANc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/devil-may-care-lapsus-gang-is-not-the-aspirational-brand-infosec-needs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Devil-may-care Lapsus$ gang is not the aspirational brand infosec needs"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45749","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=45749"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45749\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=45749"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=45749"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=45749"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}