LAPSUS$ Claims Data Breach at AstraZeneca

The famed hacking group LAPSUS$ has reportedly resurfaced, claiming responsibility for a significant data breach involving the multinational pharmaceutical and biotechnology company, AstraZeneca. The group is now attempting to sell a compressed 3GB internal data dump, which suggests a potential shift towards pay-to-access extortion methods. LAPSUS$, previously known for high-profile breaches targeting major technology firms, appears to be active again with this alleged compromise of AstraZeneca’s internal systems.[1]

The group has posted teasers of the purportedly stolen data on illicit forums, detailing the contents of the archive and providing screenshots as evidence. The threat actors are attempting to entice potential buyers to contact them via the secure messaging application Session to negotiate a purchase. To date, no full leak has been made publicly available for free, indicating that the group’s primary motive in this instance is financial gain through a direct sale rather than immediate public extortion.

See:  https://redskyalliance.org/xindustry/lapsus-hit-in-uk

The threat actors have also provided password-protected paste links containing redacted secrets as further proof of access to prospective buyers. AstraZeneca has not commented on the incident, and no official statement has been released.  According to the threat actors’ claims on the breach forum, the 3GB data dump contains a wide array of highly sensitive intellectual property and infrastructure configuration details. To substantiate their claims, the attackers have released public samples revealing specific internal repository structures and project details.

This internal portal appears to manage several core logistical functions crucial to pharmaceutical distribution, including forecasting, inventory tracking, product master data management, and On-Time In-Full (OTIF) delivery metrics.  These exposed details suggest that the alleged hack could have far-reaching implications for AstraZeneca’s internal supply chain operations and overall cloud infrastructure security.

 

This article is shared at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information (CTI) via a notification/Tier I analysis service (RedXray) or an analysis service (CTAC).  For questions, comments, or assistance, please contact the office directly at 1-844-492-7225 or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122

 

[1] https://www.cybersecurityintelligence.com/blog/lapsus-claims-data-breach-at-astrazeneca-9250.html
