嗯,用户让我用中文总结这篇文章,控制在一百个字以内,而且不需要特定的开头。我得先仔细读一遍文章内容,抓住主要信息。 文章讲的是网络犯罪团伙Lapsus$声称入侵了制药巨头阿斯利康,窃取了3GB的数据,包括凭证、代码和员工信息。虽然阿斯利康还没有确认这个事件,但数据泄露可能带来严重后果,比如帮助攻击者绘制系统、发起钓鱼攻击等。这个事件如果属实,将是今年最严重的医疗网络事件之一。 接下来,我需要把这些要点浓缩到100字以内。首先提到Lapsus$声称入侵阿斯利康,然后说明窃取的数据类型和潜在影响。同时要指出阿斯利康尚未确认。 可能会用到的关键词:网络犯罪团伙、入侵、阿斯利康、3GB数据、凭证、代码、员工信息、潜在严重性、医疗行业重大事件。 现在组织语言:网络犯罪团伙Lapsus$声称入侵制药巨头阿斯利康,窃取3GB数据包括凭证、代码和员工信息。此事件若属实,可能成为今年医疗行业最严重网络安全事件之一。尽管公司尚未确认,但泄露数据可能被用于进一步攻击或勒索。 检查字数是否在100字以内,并确保没有使用任何特定的开头词。 </think> 网络犯罪团伙Lapsus$声称入侵制药巨头阿斯利康,窃取3GB数据包括凭证、代码和员工信息。此事件若属实,可能成为今年医疗行业最严重网络安全事件之一。尽管公司尚未确认,但泄露数据可能被用于进一步攻击或勒索。 2026-3-25 10:0:48 Author: securityaffairs.com(查看原文) 阅读量:5 收藏
Cybercrime group Lapsus$ claims the hack of pharma giant AstraZeneca
Cybercrime group Lapsus$ claims it hacked AstraZeneca, stealing 3GB of data including credentials, code, and employee information.
The Lapsus$ group claims it breached AstraZeneca, stealing about 3GB of sensitive data. The alleged leak includes credentials, tokens, internal code repositories (Java, Angular, Python), and employee information, though the company has not yet confirmed the breach.
Even if stolen data doesn’t include passwords, this information could help attackers map systems, launch phishing attacks, and target internal operations, making the incident potentially serious if confirmed.
The group claimed the security breach on a dark web post, if confirmed, it could be one of the most serious healthcare cyber incidents this year.
“An alleged breach involving AstraZeneca was advertised on a Dark Web forum and also appeared on a data leak site associated with LAPSUS$.” reported SocRadar. “The listing claims the attackers obtained a large archive containing internal data, including source code, infrastructure-related material, and access-linked information.”
The alleged breach of AstraZeneca is significant because healthcare organizations hold highly valuable assets, including intellectual property, sensitive data, and critical infrastructure. Even without patient data, exposing code, systems, or credentials can enable further attacks, disrupt operations, and increase extortion risks.
“At this stage, the safest framing is that the breach was claimed by LAPSUS$ through Dark Web-related channels and a breach listing attributed to the group. The listing on the threat actors’ data leak site appears to advertise AstraZeneca data for sale.” continues the report.
AstraZeneca has not yet confirmed the alleged breach or publicly addressed the extortion group’s claims.
The incident, claimed by Lapsus$, fits a broader trend of targeting healthcare for leverage. The leaked archive appears large and structured, containing code, configurations, and operational data, suggesting a serious internal exposure rather than a minor leak, if confirmed.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Lapsus$)
如有侵权请联系:admin#unsafe.sh