AstraZeneca named by Lapsus$ in alleged data leak claims

By Thomas | Published on March 24, 2026

Lapsus$ has named AstraZeneca in posts on its leak channels, claiming responsibility for a recent compromise affecting the pharmaceutical company. According to the claims, several gigabytes of internal data were taken and later shared across multiple platforms, including what was described as “full source code” and employee-related information. Some of the material reportedly appeared on a dark web forum. AstraZeneca has not publicly commented on the incident.

Lapsus$’s background

Lapsus$ first gained attention in 2022 after attacks on companies including Okta, Nvidia, Samsung, and T-Mobile. Some members have been arrested in the UK, but the group continues to appear in new breach claims. More recently, Lapsus$ claimed a breach involving Adidas Extranet, alleging access to usernames, passwords, and technical information.

What Lapsus$ claims to have accessed

Lapsus$ says it obtained access to several categories of AstraZeneca’s internal data, including full source code, employee database material, GitHub Enterprise user information, internal API keys, AWS credentials and service accounts, and database access credentials for MongoDB and MySQL. The alleged breach reportedly includes both technical infrastructure and employee-related records, which could affect internal systems as well as corporate data.

Samples shared by the group

According to the claims, the leaked data includes GitHub workspace names, employee roles, links to profiles, full names, and work email addresses. Other samples reportedly contain employee details tied to AstraZeneca-linked clinical research companies, including full names, work emails, user identifiers, and company affiliations. Another sample appears to show a tree structure of internal software repositories, suggesting that proprietary source code may have been accessed.

Why the breach matters

If confirmed, the exposure could create multiple layers of risk. Access to source code may allow outsiders to identify vulnerabilities or hardcoded credentials that could provide paths to other systems or intellectual property. The employee information also carries separate concerns. Names, emails, and organizational details can be used for targeted phishing or social engineering attacks, especially for employees with elevated access. The structured nature of the alleged data could make such attacks more effective.

Employee information and social engineering risks

Individuals whose details were allegedly exposed may face increased risks from targeted impersonation attempts. The dataset reportedly provides insight into who holds access to critical systems, which could assist attackers in crafting precise social engineering campaigns. Lapsus$ has previously cooperated with actors such as ShinyHunters, increasing the potential relevance of these employee records in follow-on attacks.

Conclusion

The AstraZeneca incident remains defined by Lapsus$’s public claims. The group asserts it accessed source code, employee records, cloud-related keys, and database credentials. Until AstraZeneca provides confirmation or further verification, the full extent of the breach remains unclear. What is certain is that Lapsus$ is the actor behind the claims, and the alleged data could carry serious implications for both technical systems and personnel.
