LAPSUS$ GROUP

Techniques

• T1003.003NTDS
• T1003.006DCSync
• T1005Data from Local System
• T1068Exploitation for Privilege Escalation
• T1069.002Domain Groups
• T1078Valid Accounts
• T1078.004Cloud Accounts
• T1087.002Domain Account
• T1090Proxy
• T1098.003Additional Cloud Roles
• T1111Multi-Factor Authentication Interception
• T1114.003Email Forwarding Rule
• T1133External Remote Services
• T1136.003Cloud Account
• T1199Trusted Relationship
• T1204User Execution
• T1213.001Confluence
• T1213.002Sharepoint
• T1213.003Code Repositories
• T1213.005Messaging Applications
• T1485Data Destruction
• T1489Service Stop
• T1531Account Access Removal
• T1552.008Chat Messages
• T1555.003Credentials from Web Browsers
• T1555.005Password Managers
• T1578.002Create Cloud Instance
• T1578.003Delete Cloud Instance
• T1583.003Virtual Private Server
• T1584.002DNS Server
• T1586.002Email Accounts
• T1588.001Malware
• T1588.002Tool
• T1589Gather Victim Identity Information
• T1589.001Credentials
• T1589.002Email Addresses
• T1591.002Business Relationships
• T1591.004Identify Roles
• T1593.003Code Repositories
• T1597.002Purchase Technical Data
• T1598.004Spearphishing Voice
• T1621Multi-Factor Authentication Request Generation
• T1684.001Impersonation