Live Latest activity →
LA

lapsus$

Known ransomware group ACTIVE
Currently active

Lapsus$ is an internationally composed data extortion group most active from mid-2021 through 2022, executing high-profile breaches against Microsoft, Nvidia, Samsung, Okta, and Uber by stealing source code and threatening leaks rather than encrypting files; several members — predominantly teenagers — were arrested in the UK.

1

Total Claims

0

Critical

Records Claimed

1

Industries Hit

Active span: May 28, 2026 – May 28, 2026 · 1 organizations targeted

Currently active
Activity 1.9 Severity 2.5 Sectors 2.3 Tooling 0.8

Actor Threat Profile

Activity Timeline

Peak: May 2026 (1)
May 2026
LessMore
May 2026

Share this profile

Shareable intel card for lapsus$

Top Targeted Industries

Telecommunication 1

Tradecraft & Infrastructure

4

Documented tools

0 / 0

MITRE tactics / techniques

3

Known leak sites

CredentialTheftDiscoveryEnumLOLBASRMM-Tools
Full intelligence profile on ransomware.live →

Targeted Organizations

VODAFONE

Claims by lapsus$

Low

Ransomware Claim: VODAFONE

VODAFONE
lapsus$
Ransomware Telecommunication
May 30, 2026

Never Miss a Critical Alert

CVE advisories, breach reports, and threat intel — delivered daily to your inbox.