Microsoft and Okta are Investigating Potential Attacks by the Lapsus$ Hacking Group

Microsoft and Okta are Investigating Potential Attacks by the Lapsus$ Hacking Group

Following screenshots allegedly originating from security breaches at Microsoft and identity and authentication supplier Okta, both firms are looking into probable Lapsus$ hacking attempts.

After screenshots purported to be from the firms' internal environments were released to the Lapsus$ group's Telegram channel this week, the corporations issued statements to various media sites saying they were investigating.

Lapsus$ Claims To Have Accessed Microsoft Source Code

The Lapsus$ hacker gang claims to have gained access to Microsoft's internal Azure DevOps server and stolen source code for Bing, Cortana, and other projects. Lapsus$ issued a torrent for a 9 GB 7zip package containing source code from over 250 reportedly Microsoft projects, including Bing, Bing Maps, and Cortana, after a snapshot was posted to the group's Telegram channel.


Picture: blogtuan


According to Bleeping Computer, the files appear to be authentic, and some of them contain emails and documents that Microsoft programmers used to build mobile apps. Microsoft is looking into the allegations.

Microsoft has made no public statements, but it has told multiple news sources that it is aware of the accusations and is looking into them.

Lapsus$ Activity May Be From January Security Incident

In addition to Microsoft, Lapsus$ has shared screenshots of what appear to be Okta's internal webpages, causing many in the cybersecurity industry to express concern on social media over the weekend.

If Okta's software is compromised, it could be used in a supply chain attack against millions of users and customers. This attack would include significant league baseball, T Mobile, Moody's, Hewlett Packard Enterprise, Sonos, FedEx, Ally Financial, and other well-known companies.

Okta CEO Todd McKinnon claimed on Twitter that the screenshots released on Lapsus$'s Telegram channel are thought to be linked to a January attempted hack of a third-party customer care engineer. When we inquired for more information, the Okta spokeswoman returned us the same message.


Picture: Wired


The claims made by Lapsus$ about hacking internal systems at Okta and Microsoft appear to be true. Especially in the case of Okta, where screenshots allege to reveal internal tickets and Slack conversations.

In recent months the Lapsus$ organization has been highly active, with multiple verified examples of compromise against very significant corporations.

According to Bleeping Computer and these firms' public pronouncements, the hacker organization has recently targeted NVIDIA, Samsung, Vodafone, Ubisoft, and Mercado Libre, stealing source code and confidential data.

Customers of Okta should be cautious until the company provides additional details regarding the issue.

1 ratings
Jessica Vieira
Jessica Vieira
Jessica Vieira is ProductReviews's senior media reporter, covering the intersection of entertainment and technology.