Victims of latest massive LAPSUS$ hack include Facebook, DHL

Hacking group LAPSUS$ has revealed its latest target: Globant, an IT and software development company whose clientele includes the likes of technology giant Facebook.

In a Telegram update where the hackers affirmed they’re “back from a vacation” (potentially referring to alleged members of the group getting arrested in London), LAPSUS$ stated that it has acquired 70GB of data from the cyber security breach.

Not only has the group seemingly obtained sensitive information belonging to several large organizations, it also decided to release the entire 70GB via a torrent link.

As reported by Computing, the group shared evidence of the hack via an image displaying folders that are named after Facebook, DHL, Stifel, and C-Span, to name but a few.

Although there is a folder titled “apple-health-app,” it is not directly related to the iPhone maker.

Instead, The Verge highlights how the data it contains is actually associated with Globant’s BeHealthy app, which was developed in partnership with Apple due to its use of the Apple Watch.

Meanwhile, LAPSUS$ posted an additional message on its Telegram group listing all of the passwords of Globant’s system admins and the company’s DevOps platforms. Vx-underground, which has conveniently documented all of the group’s recent hacks, confirmed the passwords are extremely weak.

LAPSUS$ also threw their System Admins under the bus exposing their passwords to confluence (among other things). We have censored the passwords they displayed. However, it should be noted these passwords are very easily guessable and used multiple times… pic.twitter.com/gT7skg9mDw

— vx-underground (@vxunderground) March 30, 2022

Notably, login credentials for one of those platforms seemingly offered access to “3,000 spaces of customer documents.”

Following the Telegram message and subsequent leak on March 30, Globant itself confirmed it was compromised in a press release.

“We have recently detected that a limited section of our company’s code repository has been subject to unauthorized access. We have activated our security protocols and are conducting an exhaustive investigation.

According to our current analysis, the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients. To date, we have not found any evidence that other areas of our infrastructure systems or those of our clients were affected.

We are taking strict measures to prevent further incidents.”

Earlier in March, seven alleged members of the group, reportedly aged 16 to 21, were arrested in London, before being released pending further investigations. According to reports, the alleged ringleader of the group, a 16-year-old from Oxford, U.K., has also apparently been outed by rival hackers and researchers. “Our inquiries remain ongoing,” City of London police stated.

Security researchers have suggested other members of LAPSUS$ could be based out of South America.

Hacking scene’s newcomer causing a lot of noise

LAPSUS$ has gained a reputation by injecting activity into the hacking scene in an extremely short span of time.

Amazingly, the majority of its hacks seem to come to fruition by simply targeting engineers of large companies and their access points via weak passwords. The group even stresses this fact repeatedly in its Telegram updates.

It’s understandable when an average user from home is subjected to a hack due to weak passwords, but we’re not talking about individuals here. LAPSUS$ has successfully infiltrated some of the largest corporations in history without the apparent need to resort to complicated and sophisticated hacking methods.

Moreover, hackers are now even exploiting weak passwords that make your PC’s own power supply vulnerable to a potential attack, which could lead to threat actors causing it to burn up and start a fire. With this in mind, be sure to strengthen your passwords.

LAPSUS$ has already leaked the source code for Microsoft’s Cortana and Bing search engine. That incident was preceded by a massive 1TB Nvidia hack. Other victims include Ubisoft, as well as the more recent cyber security breach of Okta, which prompted the latter to issue a statement acknowledging a mistake in how it reported the situation.

Zak Islam
Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…