Skip to main content

Microsoft hacker LAPSUS$ just claimed yet another victim

LAPSUS$, the group behind the unprecedented Nvidia hack, has successfully infiltrated another company, digital security authentication firm Okta.

A cybersecurity incident was confirmed to have occurred in January, with the investigation from a forensics firm revealing that a hacker did indeed gain access to an Okta support engineer’s laptop for a full five days.

A person inputs code into a system.
Image used with permission by copyright holder

The consequences for the latest victims of LAPSUS$ can’t be understated: Okta’s service is used by some of the world’s biggest companies, including FedEx and T-Mobile. Government agencies such as the Federal Communications Commission also rely on its authentication technology.

Recommended Videos

In a statement, Okta stressed that only a minor percentage of its customers were affected.

“After a thorough analysis of these claims, we have concluded that a small percentage of customers – approximately 2.5% – have potentially been impacted and whose data may have been viewed or acted upon.”

Okta’s latest comments come after LAPSUS$ released several photos on its Telegram channel containing sensitive information pertaining to the breach.

Okta’s response to the incident prompted a stern reaction from some, including Dan Starner, an infrastructure software engineer at Salesforce. As initially reported by VentureBeat, Starner tweeted:

I said last night this was very, very bad.

Today I trusted @okta and thought it was okay.

Now I know it’s very, very bad and that I don’t trust @okta anymore. Security is hard and breaches happen, but lying by omission is worse than telling us our data may be compromised. https://t.co/TjaXt08RKc

— Dan Starner (@dan_starner) March 23, 2022

Bill Demirkapi, an independent security researcher, also offered his thoughts on the situation, as reported by Reuters:

“In my opinion, it looks like they’re trying to downplay the attack as much as possible, going as far as directly contradicting themselves in their own statements.”

LAPSUS$ said on its Telegram channel that its “focus was ONLY on Okta customers,” as opposed to the company itself. It also added that “the potential impact to Okta customers is NOT limited.”

“I’m pretty certain resetting passwords and [Multifactor authentication] would result in complete compromise of many clients systems,” the hacking group stated.

This is our 3rd attempt at sharing the 5th – 8th photo. LAPSUS$ displayed a lot of sensitive information and/or user information, so much so we end up missing to censor some.

Photos 5 – 8 attached below. pic.twitter.com/KGlI3TlCqT

— vx-underground (@vxunderground) March 22, 2022

Elsewhere, Okta spokesperson Chris Hollis stressed in an earlier statement to The Verge that the attack was confined to the activity initially detected in January. However, LAPSUS$ asserted that it had access to the “Superuser/Admin” account for two months. To that end, the group said Okta was apparently storing Amazon Web Services (AWS) keys within Slack channels.

Okta is not the only high-profile company LAPSUS$ has targeted this week. Software giant Microsoft also confirmed that a malicious threat actor managed to gain “limited access” to its systems. As a result, the source codes for both Cortana and search engine Bing were reportedly leaked.

Previously, LAPSUS$ leaked the source code for Nvidia’s proprietary DLSS code, which was a part of a larger 1TB hack.

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Hackers are using this incredibly sneaky trick to hide malware
A hacker typing on an Apple MacBook laptop, which shows code on its screen.

One of the most important things you can do to protect your online security is install one of the best password managers, but a recent cyberattack proves that you have to be careful even when doing that. Thanks to some sneaky malware hidden in Google Ads, you could end up with viruses riddling your PC.

The issue affects popular password manager KeePass -- or rather, it attempts to impersonate KeePass by using misleading Google Ads. First spotted by Malwarebytes, the nefarious link appears at the top of search results, meaning you’ll likely see it before the legitimate websites that follow beneath it.

Read more
Bing Chat just beat a security check to stop hackers and spammers
A depiction of a hacker breaking into a system via the use of code.

Bing Chat is no stranger to controversy -- in fact, sometimes it feels like there’s a never-ending stream of scandals surrounding it and tools like ChatGPT -- and now the artificial intelligence (AI) chatbot has found itself in hot water over its ability to defeat a common cybersecurity measure.

According to Denis Shiryaev, the CEO of AI startup Neural.love, chatbots like Bing Chat and ChatGPT can potentially be used to bypass a CAPTCHA code if you just ask them the right set of questions. If this turns out to be a widespread issue, it could have worrying implications for everyone’s online security.

Read more
This massive exploit lets hackers breach apps like Chrome, 1Password, and Telegram
A dark mystery hand typing on a laptop computer at night.

A massive security bug has just been discovered that affects WebP images used in untold numbers of websites and apps, and it could potentially let hackers break into your computer and extract data from it. In fact, Google has already seen it being actively exploited in the wild. Because of that, it’s essential that you patch your computer as soon as possible.

The discovery has been detailed by researcher Alex Ivanovs, who wrote about the bug in a blog post. Right now, it seems to affect almost all of the best web browsers, including Chrome, Firefox, Edge, and Brave. WebP images are used all over the web, meaning huge numbers of sites and apps could be affected.

Read more