Cybercrime group Lapsus$ claims it hacked AstraZeneca, stealing 3GB of data including credentials, code, and employee information.
The Lapsus$ group claims it breached AstraZeneca, stealing about 3GB of sensitive data. The alleged leak includes credentials, tokens, internal code repositories (Java, Angular, Python), and employee information, though the company has not yet confirmed the breach.
Even if stolen data doesn’t include passwords, this information could help attackers map systems, launch phishing attacks, and target internal operations, making the incident potentially serious if confirmed.
The group claimed the security breach on a dark web post, if confirmed, it could be one of the most serious healthcare cyber incidents this year.
“An alleged breach involving AstraZeneca was advertised on a Dark Web forum and also appeared on a data leak site associated with LAPSUS$.” reported SocRadar. “The listing claims the attackers obtained a large archive containing internal data, including source code, infrastructure-related material, and access-linked information.”
EXPLORE MORE
Democrat candidate stops attending church to avoid sitting with Trump voters
(LifeSiteNews) – Rebecca Bennett, a Democrat nominee for Congress in New Jersey,…
Missing Juvenile Destiny Rivera from the 35th District
The Philadelphia Police Department is requesting the public’s help in locating 16-year-old…
US says ‘narcoterrorist’ cartel boss killed in Venezuela strike (VIDEO) — RT World News
The Pentagon said the operation to hunt down the leader of the…
US and European authorities disrupt socksEscort proxy service tied to AVrecon botnet
Authorities in the US and Europe disrupted the SocksEscort proxy service, which…
Hackers targeted Poland’s National Centre for Nuclear Research
Hackers targeted Poland’s National Centre for Nuclear Research, but security systems detected…
Missing Juvenile Johnnyaliz Castillo-Muniz from the 25th District
Missing Juvenile Johnnyaliz Castillo-Muniz from the 25th District | Philadelphia Police Department…
The alleged breach of AstraZeneca is significant because healthcare organizations hold highly valuable assets, including intellectual property, sensitive data, and critical infrastructure. Even without patient data, exposing code, systems, or credentials can enable further attacks, disrupt operations, and increase extortion risks.
“At this stage, the safest framing is that the breach was claimed by LAPSUS$ through Dark Web-related channels and a breach listing attributed to the group. The listing on the threat actors’ data leak site appears to advertise AstraZeneca data for sale.” continues the report.
AstraZeneca has not yet confirmed the alleged breach or publicly addressed the extortion group’s claims.
The incident, claimed by Lapsus$, fits a broader trend of targeting healthcare for leverage. The leaked archive appears large and structured, containing code, configurations, and operational data, suggesting a serious internal exposure rather than a minor leak, if confirmed.
