LAPSUS$ Group Claims AstraZeneca Data Breach, Internal Data
The notorious hacking collective LAPSUS$ has re-emerged, allegedly claiming responsibility for a significant data breach impacting multinational pharmaceutical and biotechnology company AstraZeneca....
The notorious hacking collective LAPSUS$ has re-emerged, allegedly claiming responsibility for a significant data breach impacting multinational pharmaceutical and biotechnology company AstraZeneca.
The threat actors are currently attempting to sell a compressed 3GB internal data dump, signaling a potential shift towards pay-to-access extortion methods.
LAPSUS$, previously known for high-profile breaches targeting major technology firms, appears to be active again with this alleged compromise of AstraZeneca’s internal systems. The group has posted teasers of the stolen data on illicit forums, detailing the contents of the .tar.gz archive and providing screenshots as proof.
The threat actors are attempting to entice potential buyers to contact them via the secure messaging application Session to negotiate a purchase. Currently, no full leak has been made publicly available for free, indicating that the group’s primary motive in this instance is financial gain through a direct sale rather than immediate public extortion.
The threat actors have also provided password-protected paste links containing redacted secrets as further proof of access to prospective buyers. AstraZeneca has not commented on the incident, and no official statement has been released as of March 20, 2026.
AstraZeneca Data Breach Claims
According to the threat actors’ claims on the breach forum, the 3GB data dump contains a wide array of highly sensitive intellectual property and infrastructure configuration details.
| Asset Category | Compromised Components |
|---|---|
| Source Code | Java Spring Boot applications, Angular frontend frameworks, and various Python scripts. |
| Cloud Infrastructure | Terraform configurations for AWS and Azure environments, alongside Ansible roles used for automation and orchestration. |
| Secrets and Access | Private cryptographic keys, Vault credentials, and authentication tokens related to GitHub and Jenkins CI/CD pipelines. |
To substantiate their claims, the attackers have released public samples revealing specific internal repository structures and project details. The exposed directory tree highlights a root folder named AZU_EXFIL, which contains a critical supply-chain portal repository identified as als-sc-portal-internal.
This internal portal appears to manage several core logistical functions crucial to pharmaceutical distribution, including forecasting, inventory tracking, product master data management, SAP system integration, and On-Time In-Full (OTIF) delivery metrics.
These exposed details suggest that the breach, if legitimate, could have far-reaching implications for AstraZeneca’s internal supply chain operations and overall cloud infrastructure security.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
No Comment! Be the first one.