LAPSUS$ remains active and is attributed the theft of data from the ‘software’ company Globant

The software developer company Globant has suffered an attack by the cybercriminal group LAPSUS$ which, despite the arrest of some of its members, continues to perpetrate cyberattacks and communicate them through Telegram.

YOU CAN SEE: Apple and Meta reportedly leaked user data to criminals posing as public officials

LAPSUS$ is a group of ‘hackers’ that in recent weeks has claimed the theft of lines of code and other confidential information from technology giants, such as Nvidia, Okta, Microsoft or Samsung.

On all these occasions, and after circumventing their security systems, the cybercriminals have shared screenshots on their Telegram channel that include the stolen data.

YOU CAN SEE: The fastest ransomware in the world and 5 tips to avoid it

Despite the fact that some of its members have been identified and arrested –including the alleged mastermind of the group, a 16-year-old from Oxford (England)– LAPSUS$ continues to carry out these types of attacks.

According to Gizmodo, the latest company to be targeted by these cybercriminals was Globant, of Argentine origin and specialized in software engineering, which suggests that LAPSUS$ is still active today despite the arrest of some of its members.

YOU CAN SEE: iPhone: Report new ‘phishing’ attack that impersonates Apple support

“For anyone interested in the bad security practices they use in Globant.comwe will expose admin credentials for ALL devops platforms”published LAPSUS$ last Tuesday on his Telegram channel.

The hacker group then exposed different passwords and a link to what it said was 70 GB of internal Globant data, including internal source code from several of its clients, including Apple and Facebook.

For its part, Globant has confirmed the attack and has indicated that it has found “no evidence” that other areas of its infrastructure or its clients have been affected by it.

“Based on our current analysis, the information accessed was limited to certain source code and documentation related to the project for a very limited number of customers”has stated in a statement sent to Gizmodo.

This medium has contacted the CEO of the cybersecurity firm SOS Intelligence, Amir Hadzipasic, who has evaluated the stolen material and has assured that this leak includes a large amount of proprietary data from both Globant and its clients.

“The archive contains several repositories, with a total of about 70 GB of source code. We discovered that the repositories contain very sensitive information, beyond the intellectual property of the source code itself”Hadzipasic commented.

LAPSUS$ also threw their System Admins under the bus exposing their passwords to confluence (among other things). We have censored the passwords they displayed. However, it should be noted these passwords are very easily guessable and used multiple times… pic.twitter.com/gT7skg9mDw

— vx-underground (@vxunderground) March 30, 2022

LAPSUS$ ALSO STOLE DATA FROM APPLE AND META

In addition to being recognized for its particular ‘modus operandi’, based on the theft of data and its subsequent publication on its Telegram channel, investigations suggest that LAPSUS$ would also be linked to the recent ‘phishing’ attacks directed at Meta, Apple and Discord.

As reported by Bloomberg last week, these technology companies reportedly provided user information to a group of cybercriminals after posing as law enforcement by sending false urgent data requests.

This information complemented that provided by cybersecurity blogger Brian Krebs, who revealed that hackers had been using stolen email accounts to carry out this scam.

As reported by the agency, behind these fakes could be Recursion Team. This cybercriminal group is no longer active, however, investigations have determined that some of its members now belong to LAPSUS$.

The hacker group exposed different passwords and a link to what it said was 70 GB of internal Globant data. (Photo: VCG)

Source: Elcomercio