Security News

Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained "Limited access" to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach. Identity and access management company Okta, which also acknowledged the breach through the account of a customer support engineer working for a third-party provider, said that the attackers had access to the engineer's laptop during a five-day window between January 16 and 21, but that the service itself was not compromised.

Okta is a large company that provides authentication services for companies like FedEx and Moody's to enable access to their networks. Those support engineers have limited access to data.

Recent claims by the cyber extortion gang have been validated by Okta and Microsoft: Lapsus$ have managed to get their hands on some of Microsoft's source code and have gained access to the laptop of a support engineer working for a third-party contractor for Okta, allowing them to potentially impact approximately 2.5% of the company's customers. After the gang published screenshots from Okta's internal systems and said that they focused their incursion on Okta customers, the company's CEO first said that, in late January 2022, they detected an attempt to compromise the account of a customer support engineer working for one of their subprocessors, and that "There is no evidence of ongoing malicious activity beyond the activity detected in January."

Identity management as-a-service platform Okta says the Lapsus$ extortion gang may in fact have managed to see some of its customers' data, and Microsoft has admitted the crew got its grubby paws on some source code. Okta claims to have more than 15,000 customers, so if 2.5 per cent have been compromised that could be 375 organisations that now need to determine if all logons to their preferred clouds - and the actions taken by authenticated users - were legitimate and/or innocuous.

Identity management as-a-service platform Okta has admitted that the Lapsus$ extortion gang managed to see some of its customers' data, and Microsoft has admitted the gang got its grubby paws on some source code. An updated post detailing Okta's response to news of an attack on the service sees chief security officer David Bradbury admit "a small percentage of customers - approximately 2.5% - have potentially been impacted and whose data may have been viewed or acted upon."

Okta confirmed today they suffered a security incident in January when hackers compromised a laptop of one of its support engineers that could initiate password resets for customers. "The report highlighted that there was a five-day window of time between January 16-21, 2022, where an attacker had access to a support engineer's laptop. This is consistent with the screenshots that we became aware of yesterday," Okta says in an updated statement on the incident.

Okta confirmed today they suffered a security incident in January this year when hackers gained access to the laptop of one of its support engineers that could initiate passwords resets fort customers. Results from the forensic investigation showed that the attacker had an opportunity window of five days, during which time the intruder had access to the laptop of an Okta support engineer that could initiate passwords resets fort customers.

Both Microsoft and Okta are investigating claims by the new, precocious data extortion group Lapsus$ that the gang has breached their systems. The purported Okta screenshots included one that appears to show Okta's Slack channels and another with a Cloudflare interface.

The Lapsus$ extortion crew has turned its attention to identity platform Okta and published screenshots purportedly showing the group gaining access to the company's internals. Oliver Pinson-Roxburgh, CEO of security outfit Bulletproof, warned: "As the gatekeeper to the networks and data of thousands of organizations, a breach at Okta would have significant consequences."

After breaching NVIDIA and Samsung and stealing and leaking those companies' propertary data, the Lapsus$ cyber extortion gang has announced that they have popped Microsoft and Okta. The gang has substantiated their claims by leaking torrents supposedly containing partial source code for Bing, Bing Maps, and Microsoft Cortana, as well as posting - a screenshot of an internal Microsoft Azure DevOps account.