Lapsus$’s latest confirmed cybercrime victims are Microsoft and authentication services provider Okta

The hacking group is on a roll

Image by Darwin Laganzon from Pixabay 

Cybercrime is the bane of the internet. Time and time again we’ve seen companies fall prey to hackers. T-Mobile was attacked last year, while Nvidia and Samsung have been under threat in recent times. Some of these breaches result in little to no data exposure, while others end in potentially devastating data losses. The latter might be the case in the latest compromises of Microsoft and popular authentication services provider Okta Inc.

As reported by Bleeping Computer, the Lapsus$ hacking group appears to have obtained data from Microsoft’s servers, extracting parts of the source code for Bing, Cortana, and further internal projects on Sunday. It looks like only parts of the source code have been leaked, with the hacking group posting a torrent containing 9GB worth of data on Monday. Bleeping Computer supposedly has sources telling it that the group has a total of 37GB of Microsoft data in its possession, so there might be more to come. Microsoft is currently looking into these claims.

Meanwhile, Okta is investigating a potential breach after hacking group Lapsus$ posted screenshots on Telegram supposedly showing the company’s internal company environment, per Reuters. The pictures, as seen in a tweet by independent security researcher Bill Demirkapi, suggest that Lapsus$ may have gotten access to a host of interfaces, including Okta’s Slack channels, company VPNs, and the @Cloudflare tenant, possibly with the ability to reset employee passwords.

Lapsus$ says its focus is only on Okta customers, but the unnerving part of the report is that the group claims to have had access to Okta’s systems for two months, which correlates with the date in the screenshots (consistently appearing as January 21st, 2022). The situation is even more dire when you realize that Okta services tens of thousands of customers around the world, including well-known government agencies, universities, and companies like T-Mobile, Peloton, Sonos, and the FCC.

Despite the ruckus, Okta has downplayed the incident in a statement to The Verge. Official Chris Hollis said the company detected an attempt to compromise a third-party customer support engineer working for one of its subprocessors in late January. However, it was investigated and contained and there’s been no evidence of an ongoing attack since then. The report suggests that the screenshots could be connected to this January incident.

Lapsus$ is a household name in the world of cybercrime. It broke into Nvidia’s internal network last month and stole a lot of sensitive data — including hashed login credentials and critical trade secrets behind the company’s chips — which it has threatened to reveal. The cyber gang also targeted Samsung earlier this month, making away with vital information, such as algorithms for biometric unlocking operations and company source codes.

Google’s Android statues are being repaired and will return soon

Read Next

About The Author