The software development company Globant has suffered an attack by the group of cybercriminals LAPSUS$ which, despite the arrest of its members continues to perpetrate cyberattacks and communicate them through Telegram.
LAPSUS$ is a group of ‘hackers’ that lines of code and other sensitive information from tech giants such as Nvidia, Octa, Microsoft or Samsung.
On all these occasions, and after bypassing their security systems, The cybercriminals have shared screenshots on their Telegram channel that include the stolen data.
Despite the fact that some of its members have been identified and arrested –including the alleged mastermind of the group, a 16-year-old from Oxford (England)– LAPSUS$ continues to carry out these types of attacks.
According to Gizmodo, the latest company to be targeted by these cybercriminals was Globant, of Argentine origin and specialized in software engineering, which suggests that LAPSUS$ is still active today despite the arrest of some of its members.
“For anyone interested in the bad security practices they use at Globant.com, we will expose admin credentials for ALL platforms devops,” LAPSUS$ posted last Tuesday on his Telegram channel.
Next, the group of ‘hackers’ exposed different passwords and a link to what it said was 70 GB of internal Globant data, among which was internal source code of several of its clients, like Apple and Facebook.
For its part, Globant has confirmed the attack and has indicated that it has not found “no evidence” that other areas of its infrastructure or its clients have been affected by it.
“Based on our current analysis, the information accessed was limited to certain source code and documentation related to the project for a very limited number of clients”, has stated in a statement sent to Gizmodo.
This medium has contacted the CEO of the cybersecurity firm SOS Intelligence, Amir Hadzipasic, who has evaluated the stolen material and has assured that this leak includes a large amount of proprietary data from both Globant and its clients.
“The archive contains several repositories, totaling about 70 GB of source code. We discovered that the repositories contain very sensitive informationbeyond the intellectual property of the source code itself,” Hadzipasic said.
LAPSUS$ ALSO STOLE DATA FROM APPLE AND META
In addition to being recognized for its particular ‘modus operandi’, based on data theft and its subsequent publication on its Telegram channel, investigations suggest that LAPSUS$ also would be linked to recent ‘phishing’ attacks targeting Meta, Apple, and Discord.
As reported by Bloomberg last week, these technology companies would have provided information about their users to a group of cybercriminals after posing as law enforcement by sending false urgent requests for data.
This information complemented that provided by cybersecurity blogger Brian Krebs, who revealed that hackers had been using stolen email accounts to carry out this deception.
As reported by the agency, behind these fakes could be Recursion Team. This group of cybercriminals is no longer active, however, investigations have determined that some of its members now belong to LAPSUS$.