The Lapsus$ extortionist group has returned from a “vacation” despite the recent arrest of seven of its members. The cybercriminals’ Telegram channel published data allegedly stolen from the Globant software development company.
As evidence of the hack, the hackers first posted a screenshot showing a list of folders with the names of various companies from around the world, including Arcserve, Banco Galicia, BNP Paribas Cardif, Citibanamex, DHL, Stifel, and others.
A little later, the group also posted a torrent file containing 70 GB of source code allegedly stolen from Globant, as well as administrator passwords associated with Atlassian tools (including Confluence, Jira and Crucible).
According to the research group VX-Underground, Lapsus$ members mocked the Globant administrators and separately published some of the passwords they used. The problem is that credentials like “admin” or “admin2” are hardly secure: they are easy to guess and often reused across the company.
Representatives of Globant have not yet commented on the incident.
Let me remind you that the Lapsus$ hacker group has lately become a real cyber sensation and has not left the front pages of IT publications around the world. The group blackmailed Nvidia, leaked the source code of Ubisoft, Microsoft and Samsung, and compromised Okta. As the media and experts now report, the leader of this hacking group may be a 17-year-old teenager from the UK who was recently arrested by the authorities.
As Flashpoint experts noted, Lapsus$ differs from other extortion groups in that it does not encrypt its victims’ files. Instead, it penetrates the company’s network, gains access to important files, steals them, and then threatens to leak the data unless it is paid a ransom.
It should also be added that Lapsus$ does not have its own “leak site” where it publishes or sells the data of its victims. All leaks and communication “with the public” take place on the hackers’ Telegram channel, which has more than 52,000 subscribers, or by mail, and the stolen data is even distributed via torrents.
In total, 19 companies and organizations have become victims of Lapsus$, 15 of which are located in Latin America and Portugal.