Extortion Group Claims It Hacked AstraZeneca

Summary

The Lapsus$ extortion group has claimed responsibility for breaching pharmaceutical giant AstraZeneca and exfiltrating approximately 3GB of sensitive data, including internal code repositories, credentials, tokens, employee information, and cloud infrastructure details. The stolen data encompasses Java-based application code, GitHub Enterprise user information, SQL scripts, and supply chain workflow documentation. AstraZeneca has not yet publicly confirmed the incident, though Lapsus$ added the company to its Tor-based leak site without setting an initial price for the data.

Full text

The notorious Lapsus$ extortion group has boasted on an underground forum about hacking biopharmaceutical giant AstraZeneca and stealing roughly 3GB of data. The hackers say they exfiltrated multiple types of sensitive enterprise data from AstraZeneca, including credentials and tokens, internal code repositories, and employee data. Lapsus$ claims to have exfiltrated Java-based application code such as “controllers, repositories, services, schedulers, configuration files, and Spring Boot resources,” cybersecurity firm SocRadar reports. The leak allegedly includes project paths associated with internal development assets, Angular and Python packages, and AWS, Azure, and Terraform cloud infrastructure information. Furthermore, the hackers claim to have stolen various credentials and other secrets, GitHub Enterprise-related user information, such as roles and account details, and corporate email addresses. “The file tree also points to large numbers of SQL scripts, table definitions, views, sequence files, batch processes, and inventory or order-management components,” SocRadar notes.Advertisement. Scroll to continue reading. “In practical terms, that suggests the alleged breach may touch internal business operations, supply chain workflows, and system administration data, not just developer artifacts,” the company points out. Lapsus$ also added AstraZeneca to its Tor-based leak site, offering the allegedly stolen information for sale. However, it has not set a price for it. Should the hacking group’s claims be verified, the blast radius from the incident could be broad, as it may impact employees, partners, intellectual property, and the supply chain. The pharma giant has yet to publicly disclose the incident and confirm the extortion group’s claims. Some voices suggest that the AstraZeneca hack could be linked to the recent supply chain attack that affected Aqua’s Trivy vulnerability scanner, but security researchers are skeptical, saying that evidence is circumstantial. SecurityWeek has emailed AstraZeneca for a statement on the matter and will update this article if the company responds. Related: 3.1 Million Impacted by QualDerm Data Breach Related: Mazda Says Employee, Partner Information Stolen in Cyberattack Related: Marquis Data Breach Affects 672,000 Individuals Related: 238,000 Impacted by Bell Ambulance Data Breach Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire Chip Services Firm Trio-Tech Says Subsidiary Hit by Ransomware Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain AttackQNAP Patches Four Vulnerabilities Exploited at Pwn2Own Tycoon 2FA Fully Operational Despite Law Enforcement TakedownEclypsium Raises $25 Million for Device Supply Chain SecurityNavia Data Breach Impacts 2.7 MillionThousands of Magento Sites Hit in Ongoing Defacement CampaignAllure Security Raises $17 Million for Online Brand Protection Latest News Chrome 146 Update Patches High-Severity VulnerabilitiesWebinar Today: Putting CIS Controls and Benchmarks into Practice3.1 Million Impacted by QualDerm Data BreachIran Built a Vast Camera Network to Control Dissent. Israel Turned It Into a Targeting ToolCritical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms WarnMazda Says Employee, Partner Information Stolen in CyberattackStryker Says Malicious File Found During Probe Into Iran-Linked AttackRSAC 2026 Conference Announcements Summary (Pre-Event) Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Securing Fragile OT in an Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the Move7AI has appointed Israel Barak as its first Chief Information Security Officer.Brian Harrell has been appointed Chief Security Officer at FirstEnergy.eSentire has named James C. Foster as Chief Executive Officer.More People On The MoveExpert Insights The Human IOC: Why Security Professionals Struggle with Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How to 10x Your Vulnerability Management Program in the Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose a Critical Flaw in Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat as Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Flipboard Reddit Whatsapp Whatsapp Email

Indicators of Compromise

• malware — Lapsus$