THE Lapsus$ extortion group has boasted on an underground forum about hacking biopharmaceutical giant AstraZeneca and stealing roughly 3GB of data, including credentials, tokens and employee information. The hackers say they exfiltrated multiple types of sensitive enterprise data from AstraZeneca, such as internal code repositories and project paths, along with details on Angular and Python packages and cloud infrastructure information.
The leak site reportedly includes the stolen material on a Tor-based page, and AstraZeneca has yet to publicly disclose the incident or confirm the claims. Should the hacking group’s claims be verified, the blast radius could be broad, potentially touching employees, partners, intellectual property, and the supply chain, according to SocRadar.
Some voices have suggested a link to a recent supply chain attack affecting Aqua’s Trivy vulnerability scanner, but security researchers are skeptical, calling the evidence circumstantial. 24 March 2026.