[MART] - Daily Diary #481 - Lapsus$ Claims A New Attack On Globant

CTAS-MAT ctas-mat at appgate.com
Wed Mar 30 20:36:15 UTC 2022


I hope everyone is doing well!

Below is the entry for today.

03/30/2022 - Diary entry #481:

Covered recently by multiple of our Daily Diaries, Lapsus$ is a cybercrime gang responsible for leaking source codes and sensitive data from Samsung, Nvidia, Okta, and other high-profile targets. Last week, on March 24th, London police arrested seven members accused of having connections to Lapsus$.

After the London police operation, we were expecting Lapsus$ remaining members to retire or to go dark. However, as Lapsus$ posts suggest they are a group of people from multiple countries, they resumed their activities on their Telegram channel. Although nothing about the arrests was addressed, Lapsus$ instead announced yesterday, on March 29th, their return after a "vacation" and posted a new leak exposing the software services company Globant.

In this new breach, Lapsus$ exposed admin's weak-password credentials being re-used among Globant's platforms such as Github and Atlassian's Crucible, Jira, and Confluence. Then, they shared a torrent file containing around 70 GB of customers' source code. Today, one day after the leak, Globant confirmed in a press release that some of the company source code has been exposed to an unauthorized party.

This new breach shows that the Lapsus$ group remains fully operational, meaning that organizations worldwide should reinforce their security practices by adopting a Zero Trust approach to contain and minimize the damage of this kind of attack.

Kind Regards,


[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>

Felipe Tarijon de Almeida
Malware Analyst

E: felipe.tarijon at appgate.com<mailto:felipe.tarijon at appgate.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220330/95456988/attachment.htm>

More information about the MART mailing list