Security News
The City of London Police has arrested seven teenagers between the ages of 16 and 21 for their alleged connections to the prolific LAPSUS$ extortion gang that's linked to a recent burst of attacks targeting NVIDIA, Samsung, Ubisoft, LG, Microsoft, and Okta. It's not immediately clear if the minor is one among the arrested individuals.
British cops investigating a cyber-crime group have made a string of arrests. In a statement, the force said: "Seven people between the ages of 16 and 21 have been arrested in connection with an investigation into a hacking group. They have all been released under investigation. Our inquiries remain ongoing."
In a statement given to TechCrunch, the City of London Police said the seven are between 16 and 21: "The City of London Police has been conducting an investigation with its partners into members of a hacking group," according to Detective Inspector Michael O'Sullivan. There could well be more: another investigator told the outlet that security researchers have identified seven unique accounts associated with Lapsus$, "indicating that there are likely others involved in the group's operations."
As the Lapsus$ data extortion gang announced that several of its members are taking a vacation, the City of London Police say they have arrested seven individuals connected to the gang. The latest public message from the group on Wednesday announced that some of its members were taking a vacation until March 30.
Okta has released additional details about the security incident caused by the Lapsus$ gang, and has named the contractor involved: Sitel. "Like many SaaS providers, Okta uses several companies to expand our workforce. These entities help us to deliver for our customers and make them successful with our products. Sitel, through its acquisition of Sykes, is an Okta sub-processor that provides Okta with contract workers for our Customer Support organization," explained David Bradbury, Okta's chief security officer.
Authentication services provider Okta on Wednesday named Sitel as the third party linked to a security incident experienced by the company in late January that allowed the LAPSUS$ extortion gang to remotely take over an internal account belonging to a customer support engineer. "On January 20, 2022, the Okta Security team was alerted that a new factor was added to a Sitel customer support engineer's Okta account," Okta's Chief Security Officer, David Bradbury, said in a statement.
Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained "limited access" to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach. Identity and access management company Okta, which also acknowledged the breach through the account of a customer support engineer working for a third-party provider, said that the attackers had access to the engineer's laptop during a five-day window between January 16 and 21, but that the service itself was not compromised.
Microsoft warns of destructive attacks by Lapsus$ cybercrime group. In a blog post published Tuesday, Microsoft provides insight into the group's tactics and techniques and offers tips on how to protect your organization from these attacks.
"No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity," Microsoft explained in an advisory about the Lapsus$ threat actors. Lapsus$ shared a screenshot of what were allegedly Microsoft's internal source code repositories: leaked files that security researchers said appear to be legitimate internal source code.
Okta is a large company that provides authentication services for companies like FedEx and Moody's to enable access to their networks. Those support engineers have limited access to data.