Lapsus$, the group of cybercriminals that hacked Mercado Libre at the beginning of the month, published this Wednesday internal platform passwords of Globant, the Argentine unicorn that provides technological services to giants such as Google, Disney and online banking sites around the world.
“For anyone who is interested in the weak Globant security measures, I expose the administrator credentials of all the development platforms here below”, Lapsus$ published on its Telegram channel.
Below, internal platforms of the company appear with their respective passwords and then a torrent with 70 GB of information.
Among the platforms are GitHub, a site with source code repositories; Confluence, collaborative work software; Jira, a project management tool; and Crucible, a code review program.
A huge number of source code repositories had been leaked from Mercado Libre; source code is something like the blueprints for the structure of the company’s different applications and developments.
Globant is one of the largest technology companies in Latin America, behind Mercado Libre. It is valued at almost 10 billion dollars (for reference, Mercado Libre has a capitalization of 55 billion and YPF, 1,500 million).
It is characterized by providing digital solutions to other companies, from cloud computing and marketing to blockchain, but also very specific tools such as the bracelet worn at Disney to access the attractions (called Magic Band).
The LinkedIn application, the home banking sites of many international banks and the site of the London Metropolitan Police are other services provided.
It was founded in 2003 by Martín Migoya, Guibert Englebienne, Martín Umarán and Néstor Nocetti. In 2014 it was listed on the New York Stock Exchange and since then its capitalization has grown exponentially.
Lapsus$: a real headache
Lapsus$ is an organization of cybercriminals with much less infrastructure than the large international gangs, but with enough firepower to have among its victims not only Mercado Libre but also Samsung, Nvidia and Vodafone, giants of the global market.
Although many see a clear connection with Latin America among its targets, others venture that it is a British team, or even a “lone wolf” that leaks sensitive data from giant companies to show its enormous capacity to damage businesses.
In fact, a week ago a young man alleged to be the “mastermind” behind the attacks was arrested, although the group was very active on its channel explaining its next steps, with or without the detainees.
The particularity of Lapsus$ is that it does not have the infrastructure of “big” cybercriminals like Netwalker, REvil, Egregor or Everest, which have their own “ransomware”, that is, malicious programs, such as viruses, that encrypt the information of users, companies or even States (as happened with Migrations in Argentina in 2020).
However, Lapsus$ does not have this level of sophistication: they usually work with social engineering by recruiting employees of the affected companies who, in one way or another, hand over their credentials.
Thus, to steal information, Lapsus$ bets on another technique: recruiting “insiders”, as they are known in the field, that is, employees of the companies themselves who hand over their username and password, or sensitive information, to the cybercriminals by their own means.
In other words, while the big gangs operate by installing this type of program that encrypts information, Lapsus$ bets on social engineering: finding a resentful employee, an “asset” who, from within the company, hands over credentials that the group takes advantage of to commit its illicit acts.
Clarion contacted Globant and was waiting for a comment on the leak.