The hacking group LAPSUS$ has made headlines once again, allegedly claiming responsibility for a major data breach impacting AstraZeneca, a global leader in pharmaceuticals and biotechnology. This incident suggests a renewed focus by the group on targeting high-profile companies for financial gain.
Alleged Extortion Tactics
LAPSUS$ is reportedly attempting to sell a 3GB archive of internal AstraZeneca data, marking a potential shift towards extortion methods that demand payment for access. The group, known for previous breaches of major tech firms, has posted snippets of the compromised data on underground forums, including screenshots and descriptions of the .tar.gz file’s contents.
Prospective buyers are being encouraged to contact the hackers through the secure messaging app Session to negotiate the data’s purchase. Unlike some previous incidents, no full public leaks have been released, indicating that the group’s primary goal is monetary gain through direct sales rather than public exposure.
Evidence and Claims
To validate their claims, the threat actors have provided password-protected paste links with redacted information, demonstrating their access to sensitive AstraZeneca data. As of March 20, 2026, the company has not issued any official comment regarding the breach.
The supposedly leaked data includes critical intellectual property and infrastructure configurations, as per the hackers’ statements on breach forums. This comprises source code for Java Spring Boot applications and Angular frameworks, along with Python scripts.
Potential Impact on AstraZeneca
The disclosed data, if verified, could have significant consequences for AstraZeneca’s supply chain operations and cloud security. Key components reportedly exposed include Terraform configurations for AWS and Azure, Ansible roles for automation, and private cryptographic keys and tokens related to GitHub and Jenkins CI/CD processes.
The attackers have also shared public samples showcasing internal repository structures, with a directory labeled AZU_EXFIL. This directory houses a repository identified as als-sc-portal-internal, which is integral to AstraZeneca’s logistical functions like inventory management and SAP system integration.
These revelations underline the potential for widespread disruption within AstraZeneca’s operational framework, emphasizing the critical need for robust cybersecurity measures.
