Detect, Respond, Protect
See how the global Huntress SOC can augment your team
with 24/7 coverage and unmatched human expertise.
Start your free trial today.
Threat Actor Profile
Slippy Spider
Slippy Spider, also known as Lapsus$, is a cybercriminal group that emerged around late 2021, quickly growing notorious for their brazen data extortion tactics and disruptive attacks on large corporations and governments. Known for targeting prominent industries, this group uses creative and unconventional infiltration techniques that exploit both technical vulnerabilities and social engineering weaknesses.
Threat Actor Profile
Slippy Spider
Country of Origin
The exact country of origin for Slippy Spider is unclear. However, investigative efforts suggest members might be dispersed globally, with some based in Europe and South America—including confirmed arrests in the United Kingdom and Brazil.
Members
The group appears loosely organized, involving a small number of core members with aliases like “Lapsus$” and “Oklaqq.” Reports suggest they leverage external collaborators to assist in broader operations, though member identities largely remain hidden or anonymized.
Leadership
The leadership structure of Slippy Spider remains somewhat enigmatic. Notably, one prominent figure tied to Slippy Spider goes by the alias “White” or “Oklaqq,” reportedly a teenage mastermind believed to operate from the UK. Several other aliases have surfaced, but the chain of command and exact hierarchy are still uncertain.
Slippy Spider TTPs
Slippy Spider takes an aggressive, unorthodox approach to cybercrime, frequently eschewing malware in favor of exploiting human vulnerabilities or lapses in operational security.
Tactics
The group primarily aims to exfiltrate sensitive corporate data for ransom payments. Their brazen attitude often involves leaking stolen information to pressure victims.
Techniques
Social engineering (e.g., phishing employees to gain login credentials)
Exploiting weak protections in multifactor authentication (MFA) systems
Buying insider access from disgruntled employees
Procedures
Slippy Spider has been known to use SIM-swapping techniques, breach collaboration tools (e.g., Slack, GitHub), and even publicize their attacks through social media channels—mocking victims.
Want to Shut Down Threats Before They Start?
Notable Cyberattacks
Microsoft: Breached GitHub repositories to access source code for internal projects.
NVIDIA: Stole sensitive employee data and proprietary designs, demanding ransom while leaking intel online.
Okta: Compromised a customer support system affecting thousands of clients.
Law Enforcement & Arrests
Law enforcement efforts have struck notable blows against Slippy Spider. A London-based teenager believed to be a key figure was arrested in early 2022, alongside other suspects in Brazil. These arrests underscore international cooperation against cybercrime, though the fate of Slippy Spider remains uncertain.
How to Defend Against Slippy Spider
1
Strengthen Access Controls: Implement robust MFA solutions and regularly audit account permissions.
2
Employee Training: Educate staff on phishing risks and how to spot social engineering schemes.
3
Monitor Credentials: Use tools like Huntress ITDR to identify compromised credentials or unusual login behaviors.
4
Incident Response: Deploy threat detection and response tools to detect and contain breaches early.
References
