Lapsus$ Gang Claims New Hack Related to Apple Health Project

After a short “vacation”, the hacking gang Lapsus$ is back – and both Facebook and Apple may be on the target list.

In a post shared on the group’s Telegram channel on Wednesday, Lapsus claimed to have stolen $70GB of data from Globant – an international software development company headquartered in Luxembourg that has some of the world’s largest companies as customers.

Screenshots of the hacked data, originally posted by Lapsus$ en shared on Twitter from security researcher Dominic Alvieri, was found to show folders with the names of a range of global companies: among them were delivery and logistics company DHL, US cable network C-Span and French bank BNP Paribas.

Also in the list were tech giants Facebook and Apple, with the latter named in a folder titled “apple-health-app.” The edge could not immediately verify that the directories contained source code from the two companies, and neither had responded to a request for comment at the time of publication. However, an earlier press release from Globant mentions a project co-developed with Apple to build an app that companies can use to track employee health behaviors using features of the Apple Watch.

Globant had not responded to a request for comment at the time of publication.

On Telegram, Lapsus$ shared a torrent link to the allegedly stolen data with a message announcing, “We’re officially back from vacation.”

If confirmed, the leak would show a rapid return to activity after seven suspected members of Lapsus$ were arrested by British police less than a week ago.

The arrests, first reported on March 24 by BBC News, were made by the City of London police after a year-long investigation into the alleged ringleader of the gang, believed to be a teenager living with his parents in Oxford lives. On the other side of the Atlantic, the FBI is also looking for information on Lapsus$ in connection with the breach of American companies.

The Lapsus$ gang has been remarkably prolific in the range and scale of companies it has breached, having previously extracted data from a number of well-known tech companies, including Nvidia, Samsung, Microsoft and Vodafone.

Most recently, Lapsus$ has been in the spotlight for a hack that compromised the Okta authentication platform, leaving thousands of companies on high alert for subsequent breaches. The latest hack was an embarrassment to a company that provides security services to other companies and sparked criticism of Okta for its slow disclosure.

Related Posts

Leave a Reply

Your email address will not be published.