LAPSUS$, the hacking group behind a string of breaches at Microsoft, Nvidia, and Okta, has returned, despite news reports indicating its members may have been arrested.
The LAPSUS$ gang today claimed it hacked Globant, which provides software services to brands including Disney, Google, and Electronic Arts.
In a public chat room, the group boasted about the alleged hack by posting a screenshot that shows a 73GB archive containing files supposedly stolen from Globant. The images displays several folder names that mention brands including Abbott Laboratories, Facebook, DHL, and C-Span, indicating LAPSUS$ may have stolen information on Globant’s customers.
The gang is now circulating the archive online as a torrent file, claiming the stolen information includes customers’ source code. In addition, LAPSUS$ posted the logins and passwords for several Globant.com web portals while calling out the company’s “poor security practices.”
Globant confirmed it was breached. “We have recently detected that a limited section of our company’s code repository has been subject to unauthorized access. We have activated our security protocols and are conducting an exhaustive investigation,” the company said.
“According to our current analysis, the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients,” the company added. “To date, we have not found any evidence that other areas of our infrastructure systems or those of our clients were affected.”
The company shut down access to the compromised Globant.com corporate portals.
The LAPSUS$ group claimed it hacked Globant after returning from a week-long “vacation.” During the same period, the BBC reported that City of London Police had arrested “seven teenagers in relation to the gang.” All seven were later released, although they remain under investigation.
Evidence has already emerged that two members of LAPSUS$ are teenagers based in the UK and Brazil, based on forensic evidence from the group’s activities. However, LAPSUS$ claimed on Tuesday its membership spans 30 people.
“Cybercrime groups, like hacktivist groups, often work in a decentralized fashion, with many members not even knowing each other’s true identities,” said Ken Westin, a director at IT security firm Cybereason. “The fact this group is made up of members in many different countries presents challenges for law enforcement as they will need to collaborate with different countries with varying levels of capabilities to go after the perpetrators.”
