The LAPSUS$ group claims to have breached AstraZeneca plc, a British-Swedish multinational pharmaceutical and biotechnology giant headquartered in Cambridge, UK. The notorious hacking collective has resurfaced, allegedly attempting to sell a compressed 3GB internal data dump on illicit forums. Rather than utilizing their historical tactic of public extortion, the group appears to be shifting toward a pay-to-access model, actively encouraging potential buyers to negotiate direct purchases through the secure messaging application Session.
According to the actor, the allegedly compromised data includes highly sensitive intellectual property, infrastructure configuration details, and a root folder containing a critical internal supply-chain portal repository (als-sc-portal-internal). The specific compromised components include:
-
Source Code (Java Spring Boot applications, Angular frontend frameworks, and various Python scripts)
-
Cloud Infrastructure (Terraform configurations for AWS and Azure environments, alongside Ansible automation roles)
-
Secrets and Access (Private cryptographic keys, Vault credentials, and authentication tokens for GitHub and Jenkins CI/CD pipelines)
-
Supply Chain Data (Forecasting, inventory tracking, SAP system integration, and OTIF delivery metrics)
