IT and software development firm Globant recently issued a statement that it experienced a network breach. The statement appeared to confirm claims made by Lapsus$, a group that has successfully compromised Microsoft, Nvidia, Okta, and other victims in recent weeks as first reported by The Verge.

Lapsus$ is a relative newcomer to the data-extortion scene. While the group’s tactics and procedures lack sophistication, its members, largely believed to be young and technically immature, make up for it with persistence. Gang members were rumored to be among seven individuals arrested last week by London police.

A torrent link in the post indicated that the leaked cache of source code was about 70GB.

Among the data published by Lapsus$, there is a screenshot the group claims to be of an archived directory from Globant, containing folder names that appear to be company customers.

Some of the source code folders listed in the screenshot include Abbott, apple-health-app, C-span, Fortune, Facebook, DHL, and Arcserve.

The Apple folder, as reported by The Verge, doesn’t contain direct Apple data; rather, it has information about Globant’s BeHealthy app, which was developed in partnership with Apple and tracks data through the Apple Watch.

Since then, Globant has acknowledged the data breach. “We have recently detected that a limited section of our company’s code repository has been subject to unauthorized access. We have activated our security protocols and are conducting an exhaustive investigation,” reads Globant’s official update about the issue. “According to our current analysis, the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients. To date, we have not found any evidence that other areas of our infrastructure systems or those of our clients were affected.”

Since then, Lapsus$ has shared a torrent download link in the Telegram group chat, with the 70GB of data available for group members to download for free.

Modus Operandi

London police have described Lapsus$’s tactics, in which the group employs a host of unsophisticated methods to successfully breach its victims. To bypass some targets’ multifactor-authentication protections, for example, members who obtained passwords would periodically attempt logging in to the affected accounts, a technique known as MFA prompt bombing. In many cases, prompts can be delivered through a regular phone call.
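Repeated login attempts of this kind leave a recognizable pattern in authentication logs. The following is an added example, not part of the original article: it flags users who receive several denied or unanswered MFA prompts in a short window, and any approval that follows such a burst. The log format, event names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, user, MFA result.
SAMPLE_EVENTS = """\
2022-03-30T02:10:05 alice push_denied
2022-03-30T02:11:40 alice push_timeout
2022-03-30T02:13:02 alice push_denied
2022-03-30T02:14:30 alice push_timeout
2022-03-30T02:16:11 alice push_approved
2022-03-30T09:00:00 bob push_approved
2022-03-30T09:30:00 carol push_denied
2022-03-30T13:45:00 carol push_approved
"""

WINDOW = timedelta(minutes=15)  # assumed look-back window
THRESHOLD = 3                   # assumed number of failed prompts worth alerting on

def parse(text):
    """Yield (timestamp, user, result) from the hypothetical log format above."""
    for line in text.splitlines():
        if line.strip():
            ts, user, result = line.split()
            yield datetime.fromisoformat(ts), user, result

def detect_prompt_bombing(events, window=WINDOW, threshold=THRESHOLD):
    """Return (user, timestamp, kind) alerts for bursts of unapproved prompts.
    An approval that lands right after a burst is the high-priority case."""
    recent = defaultdict(deque)  # user -> times of denied/timed-out prompts
    alerts = []
    for ts, user, result in sorted(events):
        q = recent[user]
        while q and ts - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if result in ("push_denied", "push_timeout"):
            q.append(ts)
            if len(q) == threshold:      # alert once per burst
                alerts.append((user, ts, "burst"))
        elif result == "push_approved":
            if len(q) >= threshold:
                alerts.append((user, ts, "approved_after_burst"))
            q.clear()
    return alerts

if __name__ == "__main__":
    for user, ts, kind in detect_prompt_bombing(parse(SAMPLE_EVENTS)):
        print(f"{ts.isoformat()} {user}: {kind}")
```

An `approved_after_burst` alert is the one to act on first: session revocation and a password reset for that account, since the password is already known to whoever generated the prompts.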

The latest data breach comes less than a week after U.K. police arrested seven people with direct affiliation to the anonymous hacker group.
