
  • Matthew Spencer - Tech Journalist

Software consultancy firm Globant is the newest victim of the LAPSUS$ hacking group

Hacking groups are known for their immeasurable skills and their motive to take down large companies to gain fame. Popular hacking groups rarely target more minor services.



The LAPSUS$ hacking group recently claimed an attack on software consultancy firm Globant. At least 70 GB of data is exposed, containing source code, customer information, social and other data.




A little is known about the LAPSUS$ hacking group. Before the Globant breach, LAPSUS$ made its name by breaching big tech firms such as Microsoft, Okta, Samsung and Nvidia.

Globant is an IT and software development firm operating in many countries; the UK, US, Germany, Spain, and Colombia are a few. Currently, the company is headquartered in Argentina.


The hacking group's Telegram channel was populated with folders and file uploads claimed to be from the breach. They announced the incident after a week-long "vacation." On Twitter, LAPSUS$ said they are "officially back from a vacation." The Telegram channel has approximately 54,000 members. They interact with the uploads, the latest belonging to Globant's DevOps infrastructure.


Screenshots showing more than two dozen folders were published on the Telegram channel; surprisingly, they hold data from reputed tech companies. The authenticity was assessed, and after some time had passed, it was validated. As we mentioned earlier, the group is famous for leaking source code and proprietary data from heavyweight tech companies.

The same group also claimed a recent breach of Okta Inc (OKTA.O). In cyber warfare, this kind of breach should've stopped, but individual groups are doing their thing on their own terms, so it comes as no surprise. Bluffing, bribes to steal passwords, and trickery are some of the ways the group gains its initial entry into a breached site.


In a blog post, Microsoft described DEV-0537 as a "criminal actor targeting organisations for data exploitation and destruction." Microsoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team, and the Detection and Response Team (DART) were behind the update.


Microsoft's new detection, hunting and mitigation information gave us a brief idea of the incident. Even though the tech giant has improved their ability to track this actor and helped customers minimise risk, they are "committed to providing visibility into the malicious activity."

The Argentina-headquartered software development company Globant was off the hacking group's radar for an extended period. The LAPSUS$ group leaked company administrator credentials on open-source platforms GitHub, Confluence and Jira. We do not know how this leak will affect the company, and we did not find any official statement regarding future measures. Nevertheless, the compromise of customer data will not fade into the shadows that easily.


Among the leaked folders, Abbott, academy, apple-health-app, Arcserve, BNPParibasCard, DHL, Facebook, Globant, and Globant-UIE are some of the important ones, per our research.

In Globant's "vulnerability disclosure policy", we found that information security breaches occurring within Globant's affairs fall within a set of processes. Data breach occurrences and records of suspected data breaches are confirmed by the service company. The company shared that they went through a "loss of, unauthorised access to, or unauthorised disclosure of, personal information."


Maintaining confidentiality, integrity and availability of the information and the system is critical. The company thanked security researchers for helping to evolve security measures. According to Globant, security researchers must observe the following restrictions:

They must cease testing and notify Globant upon finding a vulnerability or discovering exposure of nonpublic data. They must not store or purge Globant nonpublic data upon reporting the vulnerability. They must not engage in social engineering, phishing, denial of service or resource exhaustion, or introduce malicious software. Testing should be done professionally, in a manner that doesn't harm Globant's systems.


As the company went through the hack, security researchers must keep away from deleting, altering, sharing, retaining or destroying Globant's research data.


Here's a list of systems Globant welcomes security researchers to test:

· www.globant.com

· Jira.globant.com

· investors.globant.com/sec-filings

· powerbi.globant.com/

· github.globant.com/

· www.starmeup.com/

· betterme.starmeup.com

· takepart.starmeup.com


The company will soon release more updates on further decisions. It is safe to say that, even amid the war and cyber-attacks on targeted regions and other parts of the world, large tech companies with tons of customers should focus on their security before cooling down. A breach of such a scale is devastating for all of its customers.
