Globant Source Code Breached As Lapsus$ Strikes Again

Lapsus$, a hacker group about which little is known, claim to have breached the customer data of several large tech companies including Okta, Microsoft, Samsung, Nvidia, and now Globant.

The Lapsus$ hacker gang appears to have snagged yet another victim, this time by breaking into global software services company Globant to steal source code and documents.

Luxembourg-based Globant Wednesday, in a statement released online, said its code repository was breached, although it did not say the attack was caused by the Lapsus$ hackers.

“We have recently detected that a limited section of our company’s code repository has been subject to unauthorized access. We have activated our security protocols and are conducting an exhaustive investigation. According to our current analysis, the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients. To date, we have not found any evidence that other areas of our infrastructure systems or those of our clients were affected. We are taking strict measures to prevent further incidents,” Globant wrote.

[Related: ‘Two Months Is Too Long’: Tenable CEO Slams Okta’s Breach Response]

Reuters Wednesday reported that Lapsus$, in its Telegram channel, posted a screenshot showing customer source code taken from multiple technology companies who are clients of Globant. Reuters also reported that Lapsus$ stole about 70 GBs of source code from those customers.

Globant, in response to a CRN request for more information, said that it is for now only providing the information in its online statement.

Globant stock fell 10 percent during the trading day Wednesday to $247.84 per share.

The Lapsus$ hacking group this year has been very active. Despite its activity, however, little is known about it, including where it is based or if it has ties to other ransomware gangs.

Lapsus$ on March 22 posted screenshots on its Telegram channel showing data it claims to have stolen from identity security giant Octa.

Two days before boasting about hitting Okta, Lapsus$ posted on Telegram saying it had breached internal source code repositories for Microsoft Azure DevOps. Lapsus$ shared images on Telegram showing access to projects related to Bing and Cortana. Shortly after publication, Lapsus$ removed the post and published the message “Deleted for now will repost later.”

Lapsus$ in early March claimed to have stolen Samsung’s source code and biometric unlocking algorithms for its Galaxy devices, compromising sensitive hardware controls. The breach involved 190 GBs of Samsung data, and included leaked source code for trusted applets, algorithms for biometric unlock operations, bootloader source code for all recent Samsung devices, and authentication codes, Lapsus$ said.

In late February, Nvidia allegedly launched a retaliatory strike against Lapsus$ to prevent the release of the chipmaker’s stolen data, Lapsus$ claimed. Nvidia said the threat actors obtained the company’s network credentials and through deception, obtained two-factor authentication capability and access to Nvidia’s network.

Michael Novinson contributed to this article.