The LAPSUS$ data extortion group confirmed their return on Telegram following a week-long “vacation,” exposing what they allege is data from software services business Globant. “We are officially back from a vacation,” LAPSUS$ wrote on its Telegram channel, which has roughly 54,000 members. The gang also posted images of extracted data and credentials for the firm’s DevOps infrastructure.
The shared screenshots show a folder with names belonging to different companies from different parts of the world, including Arcserve, BNP Paribas Cardif, Banco Galicia, DHL, Citibanamex, Facebook, and Stifel, among others. A torrent file containing about 70GB of Globant’s source code, as well as administrator credentials for the company’s Atlassian suite, including Confluence and Jira, and the Crucible code review tool, has also been released. According to malware research firm VX-Underground, the passwords are easily guessable and reused several times, causing LAPSUS$ to criticize the company’s “poor security practices in use.” Globant has been reached for comment, but no response has been received yet.
LAPSUS$ is a profit-driven organization that tries to gain money by stealing data from large corporations and demanding a ransom to prevent the files from being exposed. While they’ve been dubbed a ransomware gang, their attacks don’t appear to include any file-encrypting malware. Thus, it’s more appropriate to call them an extortionist group. The members of this gang often use social engineering, hacking of employee accounts, SIM swapping, and insiders to accomplish their aims.
Since its inception in December 2021, the LAPSUS$ extortion gang has been making headlines for its high-profile attacks on companies like Impresa, Samsung, Microsoft, Vodafone, NVIDIA, Ubisoft, and Okta. The new data breach comes after the City of London Police said last week that it had detained and released seven accused criminal cartel operators aged 16 to 21 who were under investigation. However, if the most recent leak is any indicator, law enforcement activities haven’t slowed down the group’s operations.