Cybersecurity, Privacy, & AI


Okta and Microsoft Confirmed Hacked by Lapsus$ Group


A hacker group known as Lapsus$ has claimed successful hacks of both identity authentication company Okta and software pillar Microsoft. In the Okta incident, the group claims to have had access to a “super user” administrative account and to have reset the password and multi-factor authentication tokens of the company’s users. Okta’s customers include FedRAMP-certified applications by the FCC, Veterans Affairs, and Medicaid/Medicare. In the Microsoft incident, the group has posted what appears to be 37GB of source code for Cortana, Bing, and especially Bing Maps. Several UK-based members of the group, ranging in age from 16 to 21, have been arrested, based in part on information learned in the attack on Microsoft.

Okta stated that its service “has not been breached and remains fully operational” with “no corrective actions that need to be taken by our customers.” It says the breach only affected an affiliate and was closed shortly after it was discovered. The company later clarified that roughly 2.5% of its customers “have potentially been impacted,” then capped the number at 366. It acknowledged that the hackers had access for five days in January to a support engineer’s laptop, which did not have access to user data.

Microsoft has confirmed that an account with “limited access” was compromised, but stressed that no customer code or data was exposed. It maintains that the security of its software doesn’t depend on the secrecy of its source code, so there is no elevated risk if the code is exfiltrated. Microsoft described the group, which it designates as DEV-0537, as relying heavily on a wide variety of tactics, especially social engineering, such as the witting or unwitting assistance of insiders.
