The cybercriminal group known as Lapsus$ has been making headlines with claims of major breaches at both Okta, a leading identity management platform, and Microsoft. These incidents, which occurred in early 2022, have raised significant concerns about data security and the potential for widespread disruption.
Okta Breach
Lapsus$ asserted that it had gained access to Okta's internal systems, potentially compromising the security of the platform and its many customers. The group claimed that it had held access since January 2022 and that it could reset the passwords of around 95% of Okta's customers. Okta confirmed a breach but attributed it to a compromised account belonging to a support engineer at a third-party contractor, and put the number of potentially affected customers at around 2.5%. Okta also noted that support engineers can reset passwords and MFA factors but cannot read users' passwords. The gap between the two figures shows how hard it is to establish the true scope of a breach from the outside: what matters is which customer tenants the engineer's account actually touched during the window, not what it was theoretically able to do.
Impact of the Okta Breach: Okta's services are used by many well-known companies, including FedEx, Peloton, Sonos, T-Mobile, Hewlett Packard Enterprise, and JetBlue. Because Okta sits in front of these companies' authentication, a compromise at Okta could cascade into unauthorized access at its customers.
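One check an Okta customer could run on the scenario described above, as an added example that is neither Okta's tooling nor code from the article: it scans a System Log export (JSON, one event per line) for successful password resets, MFA factor resets and support-impersonation events inside a review window, and groups them by the actor that performed them, so that resets performed by anyone other than your own admins stand out. The eventType strings are Okta's documented System Log names; the review window (16 to 21 January 2022), the allowlist `TRUSTED_ACTORS`, the actor logins and the sample events are all constructed assumptions.

```python
"""
Hunt an Okta System Log export for credential-reset activity of the kind a
compromised support engineer account could perform. Added example; it is
not Okta's tooling or code from the article. The eventType strings are the
documented Okta System Log names; the window, the allowlist of trusted
admins and the sample events are assumptions constructed for illustration.
"""
import json
from collections import defaultdict
from datetime import datetime, timezone

# Okta System Log event types that a support account with reset rights can
# generate: password resets, MFA factor resets/removal, and support
# impersonation of an admin session.
SENSITIVE_EVENTS = {
    "user.account.reset_password",
    "user.mfa.factor.reset_all",
    "user.mfa.factor.deactivate",
    "user.session.impersonation.initiate",
    "user.session.impersonation.grant",
}

# Assumed review window (the article only says "January 2022"); set it to
# whatever window the vendor reports for your tenant.
WINDOW_START = datetime(2022, 1, 16, tzinfo=timezone.utc)
WINDOW_END = datetime(2022, 1, 21, 23, 59, 59, tzinfo=timezone.utc)

# Assumed allowlist: actors whose resets are expected (your own IT admins).
TRUSTED_ACTORS = {"itadmin@corp.example"}


def parse_ts(value):
    """Okta publishes ISO-8601 UTC timestamps ending in 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def hunt(events, window_start=WINDOW_START, window_end=WINDOW_END,
         trusted_actors=TRUSTED_ACTORS):
    """Return successful sensitive events inside the window whose actor is
    not on the allowlist, grouped by actor login. Each event dict follows
    the Okta System Log shape (eventType, published, actor, target, client,
    outcome)."""
    hits = defaultdict(list)
    for ev in events:
        if ev.get("eventType") not in SENSITIVE_EVENTS:
            continue
        ts = parse_ts(ev["published"])
        if not (window_start <= ts <= window_end):
            continue
        # Failed attempts deserve their own review; this pass keeps only
        # actions that actually changed a credential or session.
        if ev.get("outcome", {}).get("result") != "SUCCESS":
            continue
        actor = ev.get("actor", {}).get("alternateId", "<unknown>")
        if actor in trusted_actors:
            continue
        targets = [t.get("alternateId") for t in ev.get("target", [])
                   if t.get("type") == "User"]
        hits[actor].append({
            "time": ev["published"],
            "event": ev["eventType"],
            "targets": targets,
            "ip": ev.get("client", {}).get("ipAddress"),
        })
    return dict(hits)


def load_ndjson(text):
    """Okta exports and SIEM forwarders commonly emit one JSON event per line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


# Constructed sample export; these are not real Okta events.
SAMPLE_LOG = """
{"eventType":"user.account.reset_password","published":"2022-01-20T10:15:00.000Z","actor":{"type":"User","alternateId":"support-eng@contractor.example"},"target":[{"type":"User","alternateId":"alice@corp.example"}],"client":{"ipAddress":"203.0.113.10"},"outcome":{"result":"SUCCESS"}}
{"eventType":"user.mfa.factor.reset_all","published":"2022-01-20T10:16:30.000Z","actor":{"type":"User","alternateId":"support-eng@contractor.example"},"target":[{"type":"User","alternateId":"alice@corp.example"}],"client":{"ipAddress":"203.0.113.10"},"outcome":{"result":"SUCCESS"}}
{"eventType":"user.account.reset_password","published":"2022-01-20T11:00:00.000Z","actor":{"type":"User","alternateId":"itadmin@corp.example"},"target":[{"type":"User","alternateId":"bob@corp.example"}],"client":{"ipAddress":"198.51.100.7"},"outcome":{"result":"SUCCESS"}}
{"eventType":"user.session.start","published":"2022-01-20T12:00:00.000Z","actor":{"type":"User","alternateId":"carol@corp.example"},"target":[],"client":{"ipAddress":"198.51.100.9"},"outcome":{"result":"SUCCESS"}}
{"eventType":"user.session.impersonation.grant","published":"2022-01-18T08:00:00.000Z","actor":{"type":"User","alternateId":"admin2@corp.example"},"target":[],"client":{"ipAddress":"198.51.100.8"},"outcome":{"result":"SUCCESS"}}
{"eventType":"user.account.reset_password","published":"2022-02-05T09:00:00.000Z","actor":{"type":"User","alternateId":"support-eng@contractor.example"},"target":[{"type":"User","alternateId":"dave@corp.example"}],"client":{"ipAddress":"203.0.113.10"},"outcome":{"result":"SUCCESS"}}
{"eventType":"user.mfa.factor.deactivate","published":"2022-01-19T09:30:00.000Z","actor":{"type":"User","alternateId":"support-eng@contractor.example"},"target":[{"type":"User","alternateId":"erin@corp.example"}],"client":{"ipAddress":"203.0.113.10"},"outcome":{"result":"FAILURE"}}
"""

if __name__ == "__main__":
    for actor, actions in hunt(load_ndjson(SAMPLE_LOG)).items():
        print(f"{actor}: {len(actions)} sensitive action(s) to review")
        for a in actions:
            print(f"  {a['time']} {a['event']} targets={a['targets']} ip={a['ip']}")
```

Against the constructed sample, the run flags two actions by the contractor login on 20 January and one impersonation grant by an admin not on the allowlist; the February reset falls outside the window and the failed MFA deactivation is dropped. On a real export, `load_ndjson(open(path).read())` replaces the sample. The impersonation events are in the set because they record when a support session was granted at all, which gives a starting point for reviewing every subsequent change in that tenant, and the allowlist should stay small so that unfamiliar actors are reviewed rather than silently trusted.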
Microsoft Source Code Leak
In addition to the Okta breach, Lapsus$ also claimed to have compromised an internal Microsoft Azure DevOps server and leaked a 37 GB archive that it said contained source code for Bing, Cortana, and other Microsoft projects. Microsoft acknowledged that a single account had been compromised and that source code was taken, but said the account had only limited access and that the leaked code was not sensitive; Microsoft has also stated that it does not rely on the secrecy of source code as a security measure. It characterised the group's motivation as theft and destruction.
Impact of the Microsoft Source Code Leak: While Microsoft maintains that the leaked code is not critical, exposed source code still helps an attacker: it can be read for exploitable bugs, and for credentials or internal endpoints that should never have been committed.
Lapsus$ Tactics and Motivation
Lapsus$ has been described as a cybercriminal actor motivated by theft and destruction, extorting victims with stolen data rather than deploying ransomware. The group has stolen source code and other valuable data from prominent companies and leaked it in apparent extortion attempts. Other companies it reportedly targeted include Nvidia, Samsung, and Ubisoft.
Timeline of Events
- January 2022: Lapsus$ allegedly gains access to Okta systems through a third-party support engineer's account.
- March 20, 2022: Lapsus$ announces a breach of Microsoft's Azure DevOps server.
- March 21, 2022: Lapsus$ posts screenshots of stolen data on Telegram.
- March 22, 2022: Microsoft confirms a breach and source code theft.
- March 23, 2022: Okta confirms a breach via a third party.
Conclusion
The Lapsus$ breaches at Okta and Microsoft serve as a stark reminder of the ever-present threat of cyberattacks. Even with robust security measures, a determined threat actor can still find a way in, and in both of these cases the entry point was a single compromised account rather than a novel exploit. The ongoing investigations at Okta and Microsoft should clarify the full extent of the breaches and help prevent similar attacks. The incidents highlight the importance of limiting and monitoring third-party and support access to identity systems, alongside continuous monitoring, vulnerability management, and incident response planning for all organizations.