Lapsus Group Claims Checkmarx Breach, Dumps 100GB of Data

The Lapsus threat group has claimed Checkmarx as its latest victim, according to Cyber News - Erez Dasa. Lapsus has allegedly published approximately 100GB of data for download, asserting that the trove includes source code, keys, databases, and other sensitive information.

This is a significant claim, given Checkmarx’s position as a prominent application security testing (AST) vendor. If validated, a breach of this magnitude against a security firm could expose Checkmarx’s own intellectual property and customer data, and could also affect the security posture of clients who rely on its tools for code analysis.

Lapsus’s modus operandi typically involves targeting high-profile organizations and extorting them, often publishing data if demands are not met. The immediate public release of data suggests either failed negotiations or a direct intent to inflict maximum damage and embarrassment on Checkmarx.

What This Means For You

  • If your organization uses Checkmarx products, you need to be on high alert. Validate the authenticity of this breach claim and monitor Checkmarx's official communications. Immediately consider rotating any API keys, credentials, or secrets that may have been stored or processed by Checkmarx systems, particularly if you've integrated their tools into your CI/CD pipelines. This isn't just about Checkmarx; it's about potential downstream supply chain risk.

🛡️ Detection Rules

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.

  • Lapsus Group Data Exfiltration - Checkmarx Breach (severity: critical; MITRE ATT&CK: T1048, Exfiltration)

Source: Shimi's Cyber World