
AstraZeneca Data Breach - LAPSUS$ Group Claims Internal Access

Cyber Security News · Reporting by Guru Baran
Summary by CyberPings Editorial · AI-assisted · Reviewed by Rohit Rana

Basically, hackers claim to have stolen important data from AstraZeneca and are trying to sell it.

Quick Summary

LAPSUS$ claims to have breached AstraZeneca, attempting to sell sensitive internal data. This breach raises alarms about the exposure of critical information. Companies must enhance their security measures to prevent similar incidents.

What Happened

The notorious hacking group LAPSUS$ has resurfaced, claiming responsibility for an alleged significant data breach involving AstraZeneca, a major player in the pharmaceutical industry. The group is reportedly attempting to sell a compressed 3GB internal data dump, indicating a potential shift towards pay-to-access extortion methods. This group, known for targeting high-profile technology firms, appears to be actively exploiting AstraZeneca's internal systems.

LAPSUS$ has teased the stolen data on illicit forums, providing screenshots and details about the contents of the archive. They are enticing potential buyers to negotiate a purchase via the secure messaging app Session. As of now, no full leak has been made publicly available, suggesting that the group's primary motive is financial gain through direct sales rather than immediate public extortion.

Who's Affected

The breach could have far-reaching implications for AstraZeneca, especially concerning its internal operations and cloud infrastructure security. The data dump allegedly contains highly sensitive intellectual property and critical infrastructure configuration details. This includes source code for various applications and cloud infrastructure setups that are vital for their operations.

The potential exposure of such sensitive information poses risks not only to AstraZeneca's proprietary technologies but also to their supply chain management and logistical functions. If the claims are legitimate, the implications could extend beyond financial losses to significant operational disruptions.

What Data Was Exposed

According to the claims made by LAPSUS$, the 3GB data dump includes a variety of sensitive components:

  • Source Code: This includes Java Spring Boot applications, Angular frontend frameworks, and various Python scripts.
  • Cloud Infrastructure: The breach reportedly exposes Terraform configurations for AWS and Azure, along with Ansible roles used for automation.
  • Secrets and Access: The attackers have claimed to possess private cryptographic keys, Vault credentials, and authentication tokens related to GitHub and Jenkins CI/CD pipelines.

The attackers have even released public samples that reveal specific internal repository structures, including a critical supply-chain portal repository. This portal is crucial for managing logistics functions such as forecasting and inventory tracking.

What You Should Do

For organizations, this incident serves as a critical reminder to bolster their cybersecurity measures. Here are some steps to consider:

  • Review Security Protocols: Ensure that access to sensitive data is tightly controlled and monitored.
  • Implement Strong Authentication: Use multi-factor authentication to protect access to critical systems.
  • Educate Employees: Regularly train staff on recognizing phishing attempts and securing sensitive information.
  • Monitor for Unusual Activity: Keep an eye on network traffic and access logs for any suspicious behavior.

As the situation develops, AstraZeneca should consider engaging with cybersecurity experts to assess the breach's impact and strengthen their defenses against future attacks. The stakes are high, and proactive measures are essential to safeguard sensitive data.

🔒 Pro insight: The LAPSUS$ group's shift to pay-to-access extortion highlights evolving tactics in cybercrime, necessitating enhanced defenses for sensitive corporate data.
