Microsoft hacker LAPSUS$ just claimed yet another victim

LAPSUS$, the group behind the unprecedented Nvidia hack, has successfully infiltrated another company, digital security authentication firm Okta.

A cybersecurity incident was confirmed to have occurred in January, with the investigation from a forensics firm revealing that a hacker did indeed gain access to an Okta support engineer’s laptop for a full five days.

The consequences for the latest victims of LAPSUS$ can’t be overstated: Okta’s service is used by some of the world’s biggest companies, including FedEx and T-Mobile. Government agencies such as the Federal Communications Commission also rely on its authentication technology.

In a statement, Okta stressed that only a minor percentage of its customers were affected.

“After a thorough analysis of these claims, we have concluded that a small percentage of customers – approximately 2.5% – have potentially been impacted and whose data may have been viewed or acted upon.”

Okta’s latest comments come after LAPSUS$ released several photos on its Telegram channel containing sensitive information pertaining to the breach.

Okta’s response to the incident prompted a stern reaction from some, including Dan Starner, an infrastructure software engineer at Salesforce. As initially reported by VentureBeat, Starner tweeted:

I said last night this was very, very bad.

Today I trusted @okta and thought it was okay.

Now I know it’s very, very bad and that I don’t trust @okta anymore. Security is hard and breaches happen, but lying by omission is worse than telling us our data may be compromised. https://t.co/TjaXt08RKc

— Dan Starner (@dan_starner) March 23, 2022

Bill Demirkapi, an independent security researcher, also offered his thoughts on the situation, as reported by Reuters:

“In my opinion, it looks like they’re trying to downplay the attack as much as possible, going as far as directly contradicting themselves in their own statements.”

LAPSUS$ said on its Telegram channel that its “focus was ONLY on Okta customers,” as opposed to the company itself. It also added that “the potential impact to Okta customers is NOT limited.”

“I’m pretty certain resetting passwords and [Multifactor authentication] would result in complete compromise of many clients systems,” the hacking group stated.

This is our 3rd attempt at sharing the 5th – 8th photo. LAPSUS$ displayed a lot of sensitive information and/or user information, so much so we end up missing to censor some.

Photos 5 – 8 attached below. pic.twitter.com/KGlI3TlCqT

— vx-underground (@vxunderground) March 22, 2022

Elsewhere, Okta spokesperson Chris Hollis stressed in an earlier statement to The Verge that the attack was confined to the activity initially detected in January. However, LAPSUS$ asserted that it had access to the “Superuser/Admin” account for two months. The group also said Okta was apparently storing Amazon Web Services (AWS) keys within Slack channels.

Okta is not the only high-profile company LAPSUS$ has targeted this week. Software giant Microsoft also confirmed that a malicious threat actor managed to gain “limited access” to its systems. As a result, the source code for both Cortana and search engine Bing was reportedly leaked.

Previously, LAPSUS$ leaked the source code for Nvidia’s proprietary DLSS, which was part of a larger 1TB hack.
