
Here’s the major mistake one LAPSUS$ hacking victim made

Digital security authentication company Okta raised eyebrows when it confirmed it had been targeted by LAPSUS$, the hacking group behind the recent Microsoft and Nvidia breaches, around two months after the intrusion occurred.

The gap between the start of the security incident and the official acknowledgment of the hack caused serious concern among security researchers and the wider technology community. Now, Okta has published an FAQ about the situation in which it admits the firm made a mistake.


LAPSUS$ claimed to have gained access to Okta’s systems in January by infiltrating one of Okta’s service providers, Sitel. Okta confirmed as much when it stated that it detected suspicious activity on January 20. It says it received a “summary report about the incident from Sitel” on March 17.

However, Okta only confirmed the hack after LAPSUS$ released sensitive screenshots last week. The company, which provides authentication technology to some of the largest organizations in the world, including government agencies, has now responded to the severe backlash in an FAQ:

“We want to acknowledge that we made a mistake. Sitel is our service provider for which we are ultimately responsible.

“In January, we did not know the extent of the Sitel issue – only that we detected and prevented an account takeover attempt and that Sitel had retained a third-party forensic firm to investigate. At that time, we didn’t recognize that there was a risk to Okta and our customers. We should have more actively and forcefully compelled information from Sitel.

“In light of the evidence that we have gathered in the last week, it is clear that we would have made a different decision if we had been in possession of all of the facts that we have today.”

Elsewhere, leaked documents shared with Wired by independent security researcher Bill Demirkapi call into question the strength, or apparent lack thereof, of Sitel’s security controls and incident response, and also show “apparent gaps in Okta’s response to the incident.”

According to the report, LAPSUS$ relied on tools such as Mimikatz, a credential-dumping utility designed to extract passwords from compromised Windows machines, to gain further access to Sitel’s systems.

“The attack timeline is embarrassingly worrisome for Sitel group,” Demirkapi stressed. “The attackers did not attempt to maintain operational security much at all. They quite literally searched the internet on their compromised machines for known malicious tooling, downloading them from official sources.”

Strong backlash

In any case, both security researchers and Okta’s own customers have found fault with how the firm has responded to the hack.

For example, as reported by Computing.co.uk, Amit Yoran, CEO of Tenable, a cybersecurity firm that is also an Okta customer, posted a strongly worded statement addressed to Okta on LinkedIn:

“You either didn’t investigate properly or disclose the breach in January when it was discovered. When you were outed by LAPSUS$, you brushed off the incident and failed to provide literally any actionable information to customers. LAPSUS$ then called you out on your apparent misstatements. Only then do you determine and admit that 2.5% (hundreds) of customers’ security was compromised. And still actionable detail and recommendations are nonexistent.

“No indicators of compromise have been published, no best practices and no guidance has been released on how to mitigate any potential increase in risk. As a customer, all we can say is that Okta has not contacted us.”

Demirkapi echoed the sentiments of that open letter when he first commented on the incident last week. “In my opinion, it looks like they’re trying to downplay the attack as much as possible, going as far as directly contradicting themselves in their own statements,” he said.

Meanwhile, seven people associated with LAPSUS$ (aged 16 to 21) were reportedly arrested last week in London, according to Wired. However, they were all eventually released without being formally charged.

LAPSUS$ has made quite an entry into the hacking scene. The group first came to wide attention with its 1TB Nvidia data theft, which was recently followed by an intrusion into Microsoft’s systems. In Microsoft’s case, source code for Cortana and the Bing search engine has already reportedly been leaked.

Zak Islam
Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…