The hacking group LAPSUS$ has reportedly resurfaced, claiming responsibility for a cyberattack targeting global pharmaceutical company AstraZeneca. According to posts on underground forums, the group is attempting to sell a 3GB archive of allegedly stolen internal data, marking a potential shift toward direct monetization through data sales rather than immediate public leaks.

The group, previously linked to several high-profile breaches in the technology sector, has shared limited samples of the purported data as proof of access. These include screenshots and references to internal file structures, intended to attract buyers. Instead of releasing the data publicly, the attackers are reportedly inviting interested parties to initiate negotiations via encrypted messaging platforms. At this stage, no full dataset has been published, and the claims remain unverified. AstraZeneca has not issued an official statement regarding the incident.

Based on the attackers’ claims, the stolen data may include sensitive internal information related to AstraZeneca’s systems and operations. The group has pointed to a compressed archive containing what they describe as intellectual property and infrastructure-related data.

Sample materials shared by the attackers suggest access to internal repositories, including a directory structure referencing a supply chain portal. This system is believed to support key operational functions such as inventory management, forecasting, product data handling, and integration with enterprise systems. If confirmed, such exposure could pose risks not only to AstraZeneca’s internal operations but also to its broader supply chain and logistics processes.

Unlike previous incidents where LAPSUS$ publicly leaked data to pressure victims, this case appears to focus on selling access to the stolen information. The group has reportedly shared password-protected snippets of data to demonstrate authenticity while restricting full access to paying parties. This approach reflects a growing trend among cybercriminal groups to monetize breaches more discreetly, targeting specific buyers rather than engaging in large-scale public extortion campaigns.

As of now, there is no independent confirmation of the breach or the extent of any potential compromise. Security experts advise caution when evaluating claims made on underground forums, as such announcements are sometimes exaggerated or used to generate attention. If validated, the incident would highlight ongoing risks faced by large enterprises, particularly in sectors such as pharmaceuticals where intellectual property and operational data are highly valuable targets. Organizations are increasingly urged to strengthen monitoring, secure internal repositories, and adopt proactive threat intelligence practices to detect and respond to potential breaches early.
