LAPSUS$ TTPs

Michael Koczwara
4 min read · Mar 31, 2022

LAPSUS$ TTPs & MITRE ATT&CK Mapping


Two interesting techniques used by LAPSUS$ (Code Signing, Disable and Modify Tools)

TA0005: Defence Evasion

T1553.002: Subvert Trust Controls: Code Signing

NVIDIA certificates used to sign malicious software

The leak includes two stolen code signing certificates used by NVIDIA developers to sign their drivers and executables.

A code signing certificate lets a developer digitally sign executables and drivers so that the Windows operating system and its users can verify who published the file and whether a third party has tampered with it. Microsoft requires kernel-mode drivers to be code signed before the operating system will load them, which raises the bar for getting malicious code into the Windows kernel.
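A defender-side check for the scenario above, added here as an example and not part of the original article: it walks a directory, reads each binary's Authenticode signature with the built-in Get-AuthenticodeSignature cmdlet, and flags files whose signer certificate matches a known-compromised thumbprint or carries an NVIDIA subject for review. The thumbprint values are placeholders (the article does not list them); the path and the NVIDIA subject match are assumptions for illustration.

```powershell
# Added example (not from the original article). Scans PE files and reports those whose
# Authenticode signer is a known-compromised code-signing certificate.
# The thumbprints below are PLACEHOLDERS: replace them with the real values from a trusted advisory.
param(
    [string]$Path = 'C:\Windows\System32\drivers',          # assumed scan root
    [string[]]$CompromisedThumbprints = @(
        'PLACEHOLDER_THUMBPRINT_1',                          # leaked NVIDIA cert #1 (placeholder)
        'PLACEHOLDER_THUMBPRINT_2'                           # leaked NVIDIA cert #2 (placeholder)
    )
)

Get-ChildItem -Path $Path -Recurse -File -Include *.sys,*.exe,*.dll -ErrorAction SilentlyContinue |
ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    if ($null -eq $sig.SignerCertificate) { return }         # unsigned file: nothing to compare

    $cert = $sig.SignerCertificate
    $hit  = $CompromisedThumbprints -contains $cert.Thumbprint

    # Key point: a file signed with a stolen certificate still reports Status = Valid,
    # because the signature itself is cryptographically sound. Trust must be withdrawn
    # from the certificate (thumbprint), not inferred from the signature status alone.
    # Subject match on 'NVIDIA' is only a review hint; legitimate drivers will show Compromised = False.
    if ($hit -or $cert.Subject -match 'NVIDIA') {
        [pscustomobject]@{
            File        = $_.FullName
            Status      = $sig.Status                        # Valid / NotSigned / HashMismatch / ...
            Subject     = $cert.Subject
            Thumbprint  = $cert.Thumbprint
            NotAfter    = $cert.NotAfter                     # certificate expiry, useful for triage
            Compromised = $hit
        }
    }
} | Format-Table -AutoSize
```

Rows with Compromised = True are the ones to quarantine and investigate; the remaining NVIDIA-subject rows are ordinary vendor-signed files surfaced only for context.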
