ShellCodeX
Tools β€’ Events β€’ News β€’ Insights
Threat Group Profile

lapsus$

● Active β€” last 30 days
Victim claims 7
First seen Apr 2026
Last activity 23 Jun 2026
Tracked since Mar 2026

Group overview

Lapsus$ is an internationally composed data extortion group most active from mid-2021 through 2022, executing high-profile breaches against Microsoft, Nvidia, Samsung, Okta, and Uber by stealing source code and threatening leaks rather than encrypting files; several members β€” predominantly teenagers β€” were arrested in the UK.

Preferred targets

Financial Services Β· 2 Technology Β· 2 Consumer Services Β· 1 Telecommunication Β· 1 Business Services Β· 1

Most targeted countries

US Β· 3 MM Β· 1 SE Β· 1 DE Β· 1 ES Β· 1

Victim Claims Timeline

Back to radar
AYA BANK
πŸ‡²πŸ‡² MM Financial Services ayabank.com
INGKA GROUP
πŸ‡ΈπŸ‡ͺ SE Consumer Services ingka.com
GITHUB INTERNAL
πŸ‡ΊπŸ‡Έ US Technology github.com
MAPFRE ASSURANCE
πŸ‡ͺπŸ‡Έ ES Financial Services
VODAFONE
πŸ‡©πŸ‡ͺ DE Telecommunication vodafone.com
AXCERA TRADING
πŸ‡ΊπŸ‡Έ US Business Services AXCERA.IO
CHECKMARX
πŸ‡ΊπŸ‡Έ US Technology checkmarx.com