DecryptedTech

Monday 15 August 2022

Lapsus$ Releases 70GB of Data Allegedly from IT Firm Globant Despite Recent Arrests



Just when you might have thought things were calming down with Lapsus$, they bounce back from a “vacation” and dump what they are claiming is 70GB of data from IT group Globant. The leak comes after police in London announced the arrest and release of seven individuals with possible ties to the group, including the possible leader of the organization.

The group appeared to have popped back up on Telegram with a message saying, “We are officially back from a vacation,” followed by a link to a torrent file with the alleged Globant data. The data itself is interesting and, according to researchers who have opened the RAR file, contains what appears to be a combination of source code and admin passwords for Globant’s Jira, Confluence, and the Crucible code review tool.

The type of data collected and displayed, if real, fits the pattern for the group and matches other leaks they have posted. Inside this dump were also files that appear to contain data about other organizations (possible clients of Globant) like Facebook, DHL, Stifel, C-Span, Arcserve, Racetrac, and even a folder named “apple-health-app”. These, again if real, could be projects that Globant is or was working on for different clients and that got caught up in the breach and compromise of the Globant DevOps team.

Although it is clear that Lapsus$ is not gone, they could potentially be in their last days. As we have seen in the past, law enforcement will often release people to see who they contact and what they do after release. This can potentially allow them to gather up more members of a targeted criminal organization and get a better understanding of how they operate. In this case, we expect this is what is happening. There is a strong suspicion that Lapsus$ has used insiders to gain at least initial access to different groups, and law enforcement agencies are going to want not only to identify how they operate that side of the business, but also to see if they can identify any existing or previous insiders.

No matter why Lapsus$ is still around and kicking (pretty hard I might add), it is clear they still have some things up their sleeves when it comes to breaching organizations. What these items are, we still do not have a full understanding of, but I imagine some of the details will come out in short order as the investigations into them intensify. Of course, even if they are taken out, someone/something will show up that is just as bad or worse. It is just the way things are when it comes to the threat landscape. This means that, once again, the onus is on organizations to ensure they have the proper security tools and culture to deal with these threats as they emerge and evolve.
