December 5, 2022

TheCyberThrone

Thinking Security ! Always

Lapsus$ Breached Globant

The LAPSUS$ hacking group has involved in yet another breach that has led to the source code belonging to the likes of Facebook and Apple being dumped via its Telegram channel.

The group leaked data belonging to world’s top companies, days after UK law enforcement arrested a number of individuals connected with the group, with investigations still ongoing.

Advertisements

It’s believed the companies code was lifted as a result of a hack Globant, an Argentinian company since LAPSUS$ also leaked the administrator credential for the company’s GitHub, Jira, and Confluence accounts.

Experts says the files seemed to be legitimate and were the encrypted private keys for certificates used to build iOS apps and also it contain the server private keys to Globant’s Azure machine templates, leads to a full compromise of their servers if they are accessible externally via SSH.

Having access to such files could lead to a complete compromise of the affected companies’ customer systems and make the initial entry attempt seem entirely legitimate since the authentication key itself is used.

Other companies affected by the breach include healthcare giant Abbott, beverages multinational AB InBev, BNP Paribas Cardiff, and DHL.

Globant “is going to have a lot of work on their hands” and will likely involve the resetting of a vast number of tokens and API keys, and passwords will need to be reset and revoked.

Advertisements

The leaked credentials have been described as “very easily guessable and used multiple times” by malware analysis group VX-Underground.

Though arrest of few members of hacking group, it doesn’t stop the gangs flurry of malicious activities. They are unstoppable at this moment

%d bloggers like this: