Source: https://cobaltstrike.net/2022/03/30/lapsus-attacked-globant-consulting-company/
The Lapsus$ extortion group has returned to its criminal activities, despite the arrest of seven alleged members. Researchers at VX-Underground shared evidence of an attack on Globant, a Luxembourg software development consulting company. The criminals allegedly gained access to 70 GB of company data.
The screenshots show folders named Facebook and “apple-health-app”, and also mention the megacorporations DHL, Citibank and BNP Paribas. It is not known whether the folders are evidence that client data was disclosed. Another folder is called Arcserve and presumably refers to the data management provider of the same name, or perhaps just to Globant backups.
In addition, Lapsus$ continues to cause problems for Okta by publishing new information about its cyberattack. Cybersecurity researcher Bill Demirkapi found documents detailing the attack on the outsourced technical support provider Sitel, hired by Okta.
The documents are a log of the attack on Sitel, and describe in detail a login via RDP, followed by a search for “privilege escalation tools on GitHub”. There is also evidence of malware being downloaded, security software processes being terminated, and further malicious actions.
Presumably, Lapsus$ got access to the file DomAdmins-LastPass.xlsx. LastPass is a popular password management application, and DomAdmins may be short for Domain Administrators. Other documents discovered by Demirkapi mention superuser access to files.