Elain Brown Tech 03.31.2022 01:Mar AM EDT

Lapsus$ Not Yet Dead as Software Company Globant Becomes Latest Victim

Lapsus$ is back in the hacking business. The hackers just breached confidential data from another giant tech company, Globant.

Lapsus$ has been attacking major tech companies this year one after the other and Globant seems to be of no exception.

Globant issued a press release following the leak. The IT and software consultancy company confirmed the hacking by the Lapsus$ data extortion group. The breached data in Globant is reported to be sensitive information including administrator credentials and source code.

Part of the leak included the release of a 70GB archive of data stolen from Globant described as "some customers' source code" by the malicious actors.

Globant stated, "We have recently detected that a limited section of our company's code repository has been subject to unauthorized access".

Lapsus$ Hacking Globant

Lapsus$ shared the data they breached from Globant in their Telegram group chat.

There has been a screenshot of what the group claims to be an archived directory from Globant. The photo contains folder names that appear to be those of the company's customers.

Abbott, apple-health-app, C-span, Fortune, Facebook, DHL, and Arcserve are just a few of the source code folders listed in the screenshot.

The hacking inside Globant's systems may have occurred on March 29th according to the metadata associated with the entries seen in the screenshot.

After posting the hacked information, Lapsus$ added another set of data they have breached in Globant in the form of credentials that they claim will grant administrators access to various platforms used by Globant for development, review, and collaboration on customer code.

The data from the follow-up post is stated to originate from Jira, Confluence, GitHub, and Crucible.

In addition, Lapsus$ made a third post containing a torrent file containing approximately 70GB of data stolen from Globant.

As reported by Bleeping Computer, threat intelligence company SOS stated: "In terms of legitimacy, going just by volume alone it's hard to fabricate that amount of data - however samples of the data have been cross referenced with live systems and other methods that show the leak is legitimate and very significant as far as Globant and Globant's impacted customers are concerned."

SOS, a U.K.-based threat intelligence service, stated that the data exposed by Lapsus$ includes customer information, code repositories with a large number of private keys like full chain, web server SSL certificates, Globant server, and API keys.

Lastly, one of the repositories contains information about the Bluecap app, which provides financial sector consulting services and was acquired by Globant in late 2020.

Lapsus$ Hacking and Arrest

Lapsus$ has become a well-known threat actor in the industry for a while now. Lapsus$ hack was able to compromise 1TB of data from NVIDIA. Lapsus$ also leaked 190 GB of data from Samsung.

In addition, Microsoft confirmed recently that they were also hacked by the group not too long ago. Microsoft also revealed that they have been eyeing the threat actor for a while now.

The threat actors are known for breaching massive data from companies like NVIDIA, Samsung, Microsoft and Ubisoft.

Lapsus$ is a fairly new hacking group, making them quite notorious in the cybersecurity world. And despite their newness, the group was successful in targeting tech giants.

Globant is also a tech giant in its field of IT and software development with more than 16,000 employees worldwide. It is currently based in Luxembourg and has a long list of well-known customers, including the Metropolitan Police, SmileDirectClub, Autodesk, Electronic Arts, Santander, Interbank, and Royal Caribbean.

According to Ars Technica, just recently, police authorities in the U.K. arrested seven teenagers believed to be mainly connected with Lapsus$.

Lapsus$ is speculated to have been formed primarily by teenagers who were more likely motivated by the desire to make a name for themselves in the hacking community rather than by financial gain.