Globant, a software development company with its headquarters in Luxembourg, seems to be the latest victim of the Lapsus$ hacking outfit.
This week, the group declared that it was "back from vacation," and it posted a 70GB torrent file on its Telegram channel, claiming that the dump included, among other things, Globant's customer source code.
Google, LinkedIn, Electronic Arts, and Coca-Cola are just a few of the company's customers. Last year, a member of Lapsus$ gained access to Electronic Arts' endpoints, though it is unknown whether the two breaches had anything in common. Another image shared by Lapsus$ showed a folder holding several alleged Globant customers, including Facebook, Citibank, and C-Span.
The Lapsus$ hacking group made headlines for the first time in December 2021 when it conducted a ransomware attack against the Brazilian Ministry of Health, taking the COVID-19 vaccination data of millions of Brazilians in exchange for money.
Since then, it has targeted several high-profile technology companies, getting information from Nvidia, Samsung, Microsoft, and Vodafone, among others. Aside from that, Lapsus$ was able to disrupt several Ubisoft services and get access to a laptop belonging to an Okta contractor, potentially putting the data of hundreds of organizations that rely on the service in danger. It is also suspected of being responsible for the attack on EA Games that occurred last year.
Shortly after the Okta attack, a report identified a teenager from England as the mastermind of the hacking ring, with another teenage member perhaps living in Brazil. One of the group's members is believed to be so skilled at hacking that analysts felt the group's operation was being carried out automatically. The London police busted the Lapsus$ group on March 24th, and seven juveniles were taken into custody.
Other resources included a list of company passwords that the firms in question used to log into source code sharing websites such as GitHub, Jira, Crucible, and Confluence.
According to the researchers, there are multiple repositories containing "very sensitive information." This includes TLS certificate private keys and chains, Azure keys and API keys for third-party services, 7,000 candidate resumes, more than 150 databases, and a "large number" of private keys for various services.
In a statement to TechCrunch, Globant admitted the attack, stating it had uncovered unauthorized access to a "limited portion" of its corporate code repository. Globant declined to comment further. According to the statement, an investigation is now being conducted.
Some cybersecurity specialists seem to believe that the publication is genuine. SOS Intelligence CEO Amir Hadzipasic told the same publication that the leak is genuine and very significant for Globant and for the people the hack has impacted.
As of early 2022, Lapsus$ has risen to become one of the most notorious names in the tech industry, having hacked into the systems of several major tech companies, including Nvidia, Samsung, LG, Microsoft, and Okta.
Many suspected Lapsus$ members have been imprisoned in the United Kingdom. They are believed to be run by a teenager who lives with his mother. Several suspected Lapsus$ members have recently been apprehended in the United Kingdom.