Lapsus$ return with Globant breach, leaking trove of data on top global businesses

Following a string of arrests, the hacking group is back with source code belonging to the likes of Facebook and Apple being exposed to the public
Image: Shutterstock via Dennis

30 March 2022

The Lapsus$ hacking group has announced another breach that has led to the source code belonging to the likes of Facebook and Apple being dumped via its Telegram channel.

The group announced the trove of data belonging to some of the world’s top companies in the early hours of Wednesday morning, days after UK law enforcement arrested a number of individuals connected with the group, with investigations still ongoing.

Among the other companies affected by the breach include healthcare giant Abbott, beverages multinational AB InBev, BNP Paribas Cardiff, and DHL.

It’s believed the companies’ code was lifted as a result of a hack on Argentine-headquartered software development company Globant since Lapsus$ also leaked the administrator credential for the company’s GitHub, Jira, and Confluence accounts.

The leaked credentials have been described as “very easily guessable and used multiple times” by malware analysis group VX-Underground.

Lapsus$ has demonstrated varied and changing tactics to break into companies in the cyber criminal group’s short time being active.

Previously confused as a ransomware group, Lapsus$ is described by Microsoft as large-scale social engineering and extortion campaign. The group is financially motivated and has been observed destroying victim files or leaking them online to the public.

Social engineering and using initial access brokers have typically been the go-to methods of gaining an initial foothold in their victims’ environments, connecting via remote or virtual desktop infrastructure and elevating privileges from there.

The same method was observed in its most recent hack on Sitel which drew headlines due to data from identity and access management company Okta being leaked as a result, leaked cyber security reports showed.

With its first activity observed in December 2021, Lapsus$ has claimed successful cyber attacks on Nvidia, Okta, Samsung, LG, and more, including Brazilian government entities.

The group is believed to have members based across the UK and Brazil primarily, with their ages ranging from late teens to early twenties.

Future Publishing

Read More:

Back to Top ↑