Extortion Group Claims It Hacked AstraZeneca

The Lapsus$ hackers allegedly compromised internal code repositories, credentials, and employee data.

The notorious Lapsus$ extortion group has boasted on an underground forum about hacking biopharmaceutical giant AstraZeneca and stealing roughly 3GB of data.

The hackers say they exfiltrated multiple types of sensitive enterprise data from AstraZeneca, including credentials and tokens, internal code repositories, and employee data.

Lapsus$ claims to have exfiltrated Java-based application code such as “controllers, repositories, services, schedulers, configuration files, and Spring Boot resources,” cybersecurity firm SocRadar reports.

The leak allegedly includes project paths associated with internal development assets, Angular and Python packages, and AWS, Azure, and Terraform cloud infrastructure information.

Furthermore, the hackers claim to have stolen various credentials and other secrets, GitHub Enterprise-related user information, such as roles and account details, and corporate email addresses.

“The file tree also points to large numbers of SQL scripts, table definitions, views, sequence files, batch processes, and inventory or order-management components,” SocRadar notes.

“In practical terms, that suggests the alleged breach may touch internal business operations, supply chain workflows, and system administration data, not just developer artifacts,” the company points out.

Lapsus$ also added AstraZeneca to its Tor-based leak site, offering the allegedly stolen information for sale. However, it has not set a price for it.

Should the hacking group’s claims be verified, the blast radius from the incident could be broad, as it may impact employees, partners, intellectual property, and the supply chain.

The pharma giant has yet to publicly disclose the incident or confirm the extortion group’s claims.

Some voices suggest that the AstraZeneca hack could be linked to the recent supply chain attack that affected Aqua’s Trivy vulnerability scanner, but security researchers are skeptical, saying that the evidence is circumstantial.

SecurityWeek has emailed AstraZeneca for a statement on the matter and will update this article if the company responds.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
