The Lapsus$ extortion group has made headlines once more, this time claiming responsibility for a cyberattack on AstraZeneca. The group announced on a dark web forum that it has accessed and stolen approximately 3GB of sensitive data from the major biopharmaceutical company.
Details of the Alleged Breach
According to Lapsus$, the stolen data includes a variety of sensitive enterprise information. This encompasses credentials and tokens, internal code repositories, and employee details. The group reportedly exfiltrated Java-based application code, including crucial components like controllers, repositories, services, and configuration files.
Cybersecurity firm SocRadar has highlighted that the leaked data may involve project paths linked to internal development assets. This includes Angular and Python packages, as well as critical cloud infrastructure information from AWS, Azure, and Terraform.
Implications and Potential Impact
The breach allegedly extends to various credentials and secrets, user information related to GitHub Enterprise, and corporate email addresses. A file tree analysis suggests the breach might affect internal business operations, supply chain workflows, and system administration data.
Lapsus$ has listed AstraZeneca on its Tor-based leak site, proposing the sale of the stolen information. However, no pricing information has been disclosed yet.
Verification and Industry Reactions
If the claims by Lapsus$ are substantiated, the repercussions could be extensive, influencing employees, partners, intellectual property, and the broader supply chain. AstraZeneca has not publicly confirmed the breach or the extortion group’s assertions.
There is speculation linking this hack to a recent supply chain attack on Aqua’s Trivy vulnerability scanner. However, security experts remain unconvinced, saying the connection rests on circumstantial evidence.
SecurityWeek has reached out to AstraZeneca for comment on the situation and will provide updates upon receiving a response.
