If you’ve been following the latest cybersecurity – and Anonymania – news, then Lapsus$ must have come up quite a lot. The hacking group has been very busy lately, claiming one high-profile international organization after another. Its most recent victim is Globant, an IT and software development company from Luxembourg, with hackers leaking 70GB of data.
The company confirmed the news on March 30, saying there was unauthorized access to a code repository. However, it did not name or identify who was responsible for the breach. The incident comes hot on the heels of London police arresting seven suspects supposedly related to the infamous cyber gang.
Lapsus$ Marks Return with Globant Hack Announcement
After a week-long ‘vacation,’ Lapsus$ returned to Telegram in the most Lapsus$ way: announcing a new victim. The group said late on March 29 that they infiltrated Globant systems and stole 70GB of data, including customers’ source code. They also shared the information on their channel.
“We are officially back from a vacation,” said Lapsus$ before posting a screenshot of over 12 files containing leaked customer data. The image had names of several high-profile corporations, including Facebook and Citibank, all Globant clients.
Then, the hackers shared a torrent file containing the source code and admin credentials to access platforms like Jira, GitHub, Confluence, and Crucible. According to VX-Underground, a malware research group, the passwords were very easy to guess and used across multiple accounts. In fact, Lapsus$ taunted Globant and called out its employees for their poor security practices.
Globant confirmed the following day that it had suffered a security breach, with attackers gaining unauthorized access to a ‘limited section’ of the code repository. In a filing with the US SEC, the company said that it activated security protocols and launched an exhaustive investigation. Furthermore, the company added that it is taking strict measures to prevent further incidents.
“According to our current analysis, the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients.” (Globant)
Also, Globant did not find evidence that the attack impacted other areas of its infrastructure or that of its customers. But the investigation was still ongoing. Reuters reported that the company’s shares fell by 10% following news of the attack.
Lapsus$ Victims and Recent Arrests
Cyber gang Lapsus$ has built quite an infamous reputation since it emerged late last year, sending shock waves through the cybersecurity community. They targeted several big-name companies worldwide, including Microsoft, Samsung, Mercado Libre, NVIDIA, and Okta. And just like the Globant case, they always leak their victim’s data on Telegram.
Lapsus$ hackers have a unique flair that separates them from other cybercriminals. They regularly brag about their capabilities and ask their more than 54,000 followers on Telegram who should be their next victim. Furthermore, they resort to trickery, bribes, and bluffing to launch sophisticated attacks. That includes dark web reconnaissance, SIM swapping, and phone phishing.
And so far, the group has never disclosed false or fake information. UK threat intelligence firm SOS Intelligence told TechCrunch that the Globant leak was ‘legitimate and very significant.’
The latest cyberattack came days after the London police apprehended seven suspects with links to Lapsus$, one of whom was just 16. However, Lapsus$ denied that any of its members were arrested.