Lapsus$ ‘Back from Vacation’
2022-03-30 16:29

The Lapsus$ data extortionists are back from a week-long "vacation," they announced on Telegram, posting ~70GB worth of data purportedly stolen from software development giant Globant.

"We are officially back from a vacation," the gang wrote on their Telegram channel, posting images of exfiltrated data and admin credentials.

The shared 70GB torrent file purportedly also contains Globant's source code, as well as the Atlassian admin passwords.

Vx-underground - an internet collection of malware source code, samples and papers - cited security researcher Dominic Alvieri in tweeting that Lapsus$ threw Globant's sysadmins "under the bus" by exposing their passwords to Confluence and other DevOps platforms.

"We have censored the passwords they displayed. However, it should be noted these passwords are very easily guessable and used multiple times," the collection noted.

After reviewing the admin passwords, GovInfoSecurity found that a similar-looking password was reused for the Confluence and Jira platforms, while the one used for GitHub "appears similar to ones on the list of 200 most commonly used passwords."


News URL

https://threatpost.com/lapsus-back-from-vacation/179156/