Skip to main content

Microsoft hacker LAPSUS$ just claimed yet another victim

LAPSUS$, the group behind the unprecedented Nvidia hack, has successfully infiltrated another company, digital security authentication firm Okta.

A cybersecurity incident was confirmed to have occurred in January, with the investigation from a forensics firm revealing that a hacker did indeed gain access to an Okta support engineer’s laptop for a full five days.

A person inputs code into a system.
Image used with permission by copyright holder

The consequences for the latest victims of LAPSUS$ can’t be understated: Okta’s service is used by some of the world’s biggest companies, including FedEx and T-Mobile. Government agencies such as the Federal Communications Commission also rely on its authentication technology.

In a statement, Okta stressed that only a minor percentage of its customers were affected.

“After a thorough analysis of these claims, we have concluded that a small percentage of customers – approximately 2.5% – have potentially been impacted and whose data may have been viewed or acted upon.”

Okta’s latest comments come after LAPSUS$ released several photos on its Telegram channel containing sensitive information pertaining to the breach.

Okta’s response to the incident prompted a stern reaction from some, including Dan Starner, an infrastructure software engineer at Salesforce. As initially reported by VentureBeat, Starner tweeted:

I said last night this was very, very bad.

Today I trusted @okta and thought it was okay.

Now I know it’s very, very bad and that I don’t trust @okta anymore. Security is hard and breaches happen, but lying by omission is worse than telling us our data may be compromised. https://t.co/TjaXt08RKc

— Dan Starner (@dan_starner) March 23, 2022

Bill Demirkapi, an independent security researcher, also offered his thoughts on the situation, as reported by Reuters:

“In my opinion, it looks like they’re trying to downplay the attack as much as possible, going as far as directly contradicting themselves in their own statements.”

LAPSUS$ said on its Telegram channel that its “focus was ONLY on Okta customers,” as opposed to the company itself. It also added that “the potential impact to Okta customers is NOT limited.”

“I’m pretty certain resetting passwords and [Multifactor authentication] would result in complete compromise of many clients systems,” the hacking group stated.

This is our 3rd attempt at sharing the 5th – 8th photo. LAPSUS$ displayed a lot of sensitive information and/or user information, so much so we end up missing to censor some.

Photos 5 – 8 attached below. pic.twitter.com/KGlI3TlCqT

— vx-underground (@vxunderground) March 22, 2022

Elsewhere, Okta spokesperson Chris Hollis stressed in an earlier statement to The Verge that the attack was confined to the activity initially detected in January. However, LAPSUS$ asserted that it had access to the “Superuser/Admin” account for two months. To that end, the group said Okta was apparently storing Amazon Web Services (AWS) keys within Slack channels.

Okta is not the only high-profile company LAPSUS$ has targeted this week. Software giant Microsoft also confirmed that a malicious threat actor managed to gain “limited access” to its systems. As a result, the source codes for both Cortana and search engine Bing were reportedly leaked.

Previously, LAPSUS$ leaked the source code for Nvidia’s proprietary DLSS code, which was a part of a larger 1TB hack.

Editors' Recommendations

Zak Islam
Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Windows just gave us another reason not to download fresh updates
Windows 11 blue error crash screen.

As if we needed another reason to hold off on downloading the latest patches before they've been tested by a considerable number of people, Microsoft's most recent Windows Update comes with an unfortunate side effect -- it causes blue screens for some users. The blue screen shows up right at boot, citing the "UNSUPPORTED_PROCESSOR" error as the stop code. Here's what we know, and more importantly, how to make sure this doesn't affect your PC too.

The issue started popping up right after the latest Windows 11 update, KB5029351, which brought the operating system up to version 22621.2215. The build addresses some issues and brings minor improvements, such as adding a new hover behavior to the search box gleam and improving the reliability of the Search app.

Read more
Lapsus$ hackers convicted of breaching GTA 6, Nvidia, and more
A hacker typing on an Apple MacBook laptop, which shows code on its screen.

The Lapsus$ hacking gang caused havoc in 2021 and 2022 with a series of high-profile security breaches and ransom demands. Yet things have been very quiet since then, and two alleged members of the group have just been convicted in the U.K., potentially bringing an end to one of the most notable hacking sprees in recent times.

According to Bloomberg and the BBC, two people accused of being members of the gang were convicted in the U.K. of a number of crimes, including serious computer misuse, blackmail, and fraud. The defendants included Arion Kurtaj, 18, and a 17-year-old male who could not be named due to his age. Both defendants are autistic and psychiatrists deemed that Kurtaj was not fit to stand trial, so he did not give evidence. They will both be sentenced at a later date.

Read more
Hacker sent to jail for huge 2020 Twitter breach
A Twitter logo graphic.

A British man who took part in a high-profile Twitter hack in 2020 was handed a five-year jail term by a New York federal court on Friday.

Joseph O’Connor, 24, had pled guilty in May to four counts of computer hacking, wire fraud, and cyberstalking. He was also ordered to pay $794,000, the amount that he nabbed in the crypto crime.

Read more