Okta, an authentication company that is used by 15,000 organizations, has warned its users of a potential breach. According to Reuters, the warning from Okta comes shortly after Lapsus$ posted screenshots of what are claimed to be Okta’s internal systems to its Telegram channel. These images included systems like Slack and Cloudflare.
LAPSUS$ extortion group claims to have breached @Okta. They have released 8 photos as proof.
The photos we are sharing have been edited so no sensitive information or user identities are displayed.
Image 1 – 4 attached below. pic.twitter.com/nR8V56dLu2
— vx-underground (@vxunderground) March 22, 2022
On the Telegram channel, Lapsus$ stated that it has had “Superuser/Admin” access to Okta’s systems for two months. Despite this, the group claimed it would only focus its efforts “on Okta customers.”
The developing situation
Naturally, as a company that protects company systems through authentication, this hack could be incredibly damaging to Okta’s reputation.
Speaking about the incident, an Okta spokesperson told The Verge: “In late January 2022, Okta detected an attempt to compromise the account of a third-party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor.”
Hollis continued: “We believe the screenshots shared online are connected to this January event.
“Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.”
Time will tell whether Okta has greater security concerns to investigate. In the meantime, there are more developing threats.
Microsoft has also faced an attack from Lapsus$. The group shared images that showed “BingUX,” “Bing-Source,” and “Cortana,” implying that they had accessed the source code for Microsoft’s virtual assistant and search engine. There were also images that suggested the group had access to other areas of the company.
The group appears to be recruiting internal staff, and according to Gizmodo, Lapsus$ posted on Telegram a list of companies where it accepted insiders. The list included IBM, Apple, and Microsoft.
Lapsus$ clarified what it wanted: “TO NOTE: WE ARE NOT LOOKING FOR DATA, WE ARE LOOKING FOR THE EMPLOYEE TO PROVIDE US A VPN OR CITRIX TO THE NETWORK, or some anydesk.”
In response, Microsoft stated: “We are aware of the claims and are investigating.”
These breaches come shortly after President Biden warned about the possible threat of cyberattacks from Russia: “Today, my administration is reiterating those warnings based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks.”
Of course, if Lapsus$ is using employees to carry out breaches, then security will need to go further and adapt to the threat. Nonetheless, given the Russia-Ukraine crisis, there has never been a more important time to shore up your security.