date 2023-03-22
from the today's-break-ins dept.
First Microsoft, then Okta: New ransomware gang posts data from both:
A relatively new entrant to the ransomware scene has made two startling claims in recent days by posting images that appear to show proprietary data the group says it stole from Microsoft and Okta, a single sign-on provider with 15,000 customers.
The Lapsus$ group, which first appeared three months ago, said Monday evening on its Telegram channel that it gained privileged access to some of Okta's proprietary data. The claim, if true, could be serious because Okta allows employees to use a single account to log in to multiple services belonging to their employer.
Okta's statement in response: "In late January 2022, Okta detected an attempt to compromise the account of a third-party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor. We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January."
[...] Over the weekend, the same Telegram channel posted images to support a claim Lapsus$ made that it breached Microsoft systems. The Telegram post was later removed—but not before security researcher Dominic Alvieri documented the hack on Twitter.
[...] On Monday—a day after the group posted and then deleted the images—Lapsus$ posted a BitTorrent link to a file archive that purportedly contained proprietary source code for Bing, Bing Maps, and Cortana, all of which are Microsoft-owned services. Bleeping Computer, citing security researchers, reported that the contents of the download were 37GB in size and appeared to be genuine Microsoft source code.
Microsoft on Tuesday said only: "We are aware of the claims and investigating."
Lapsus$ is a threat actor that appears to operate out of South America or possibly Portugal, researchers at security firm Check Point said. Unlike most ransomware groups, the firm said, Lapsus$ doesn't encrypt the data of its victims. Instead, it threatens to release the data publicly unless the victim pays a hefty ransom. The group, which first appeared in December, has claimed to have successfully hacked Nvidia, Samsung, Ubisoft, and others.
Also reported at:
- Lapsus$ hackers leak 37GB of Microsoft's alleged source code
- Microsoft confirms Lapsus$ hackers stole source code via 'limited' access
