Cybercrime group Lapsus$ claims it hacked AstraZeneca, stealing 3GB of data including credentials, code, and employee information.
The Lapsus$ group claims it breached AstraZeneca, stealing about 3GB of sensitive data. The alleged leak includes credentials, tokens, internal code repositories (Java, Angular, Python), and employee information, though the company has not yet confirmed the breach.
Even if stolen data doesn’t include passwords, this information could help attackers map systems, launch phishing attacks, and target internal operations, making the incident potentially serious if confirmed.
The group claimed the security breach on a dark web post, if confirmed, it could be one of the most serious healthcare cyber incidents this year.
“An alleged breach involving AstraZeneca was advertised on a Dark Web forum and also appeared on a data leak site associated with LAPSUS$.” reported SocRadar. “The listing claims the attackers obtained a large archive containing internal data, including source code, infrastructure-related material, and access-linked information.”
The alleged breach of AstraZeneca is significant because healthcare organizations hold highly valuable assets, including intellectual property, sensitive data, and critical infrastructure. Even without patient data, exposing code, systems, or credentials can enable further attacks, disrupt operations, and increase extortion risks.
“At this stage, the safest framing is that the breach was claimed by LAPSUS$ through Dark Web-related channels and a breach listing attributed to the group. The listing on the threat actors’ data leak site appears to advertise AstraZeneca data for sale.” continues the report.
AstraZeneca has not yet confirmed the alleged breach or publicly addressed the extortion group’s claims.
The incident, claimed by Lapsus$, fits a broader trend of targeting healthcare for leverage. The leaked archive appears large and structured, containing code, configurations, and operational data, suggesting a serious internal exposure rather than a minor leak, if confirmed.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Lapsus$)
