The threat actors are currently attempting to sell a compressed 3GB internal data dump, signaling a potential shift towards pay-to-access extortion methods.
LAPSUS$, previously known for high-profile breaches targeting major technology firms, appears to be active again with this alleged compromise of AstraZeneca’s internal systems. The group has posted teasers of the stolen data on illicit forums, detailing the contents of the .tar.gz archive and providing screenshots as proof.
The threat actors are attempting to entice potential buyers to contact them via the secure messaging application Session to negotiate a purchase. Currently, no full leak has been made publicly available for free, indicating that the group’s primary motive in this instance is financial gain through a direct sale rather than immediate public extortion.
The threat actors have also provided password-protected paste links containing redacted secrets as further proof of access to prospective buyers. AstraZeneca has not commented on the incident, and no official statement has been released as of March 20, 2026.
According to the threat actors’ claims on the breach forum, the 3GB data dump contains a wide array of highly sensitive intellectual property and infrastructure configuration details.

| Asset Category | Compromised Components |
|---|---|
| Source Code | Java Spring Boot applications, Angular frontend frameworks, and various Python scripts. |
| Cloud Infrastructure | Terraform configurations for AWS and Azure environments, alongside Ansible roles used for automation and orchestration. |
| Secrets and Access | Private cryptographic keys, Vault credentials, and authentication tokens related to GitHub and Jenkins CI/CD pipelines. |

To substantiate their claims, the attackers have released public samples revealing specific internal repository structures and project details. The exposed directory tree highlights a root folder named AZU_EXFIL, which contains a critical supply-chain portal repository identified as als-sc-portal-internal.
This internal portal appears to manage several core logistical functions crucial to pharmaceutical distribution, including forecasting, inventory tracking, product master data management, SAP system integration, and On-Time In-Full (OTIF) delivery metrics.
These exposed details suggest that the breach, if legitimate, could have far-reaching implications for AstraZeneca’s internal supply chain operations and overall cloud infrastructure security.
The post AstraZeneca Data Breach – LAPSUS$ Group Allegedly Claims Access to Internal Data appeared first on Cyber Security News.