The LAPSUS$ hacking group has carried out cyberattacks against Okta Inc. and Microsoft Corp., according to multiple reports published today.
The same hacking group previously compromised proprietary data belonging to Nvidia Corp. and Samsung Electronics Co. Ltd.
Publicly traded Okta provides software that companies use to manage how employees log into internal business applications. Okta has more than 15,000 customers worldwide, including major enterprises. Because the company’s software is used to manage employee logins, it plays an important role in its customers’ cybersecurity operations.
Reuters reported today that the LAPSUS$ hacking group posted screenshots of internal Okta information on Telegram late Monday. Okta confirmed the breach this morning and shared additional details.
“In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors,” stated Okta co-founder and Chief Executive Officer Todd McKinnon. “The matter was investigated and contained by the subprocessor.”
Elaborating, McKinnon added that “we believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.”
Shortly before Okta confirmed the incident, BleepingComputer reported that LAPSUS$ had launched a cyberattack against Microsoft as well. The hacking group reportedly obtained the source code for multiple Microsoft products including Bing.
According to BleepingComputer, LAPSUS$ posted a screenshot on its Telegram page late Sunday that indicated it had hacked Microsoft’s internal Azure DevOps deployment. Azure DevOps is a platform that developers use to store source code and perform related software development tasks. On Monday, LAPSUS$ reportedly leaked a file containing 37 gigabytes of internal Microsoft data, including source code for Bing, Cortana and other products.
Microsoft stated today that it is investigating the matter. The company has not confirmed whether its internal Azure DevOps deployment experienced a breach.
LAPSUS$ recently carried out high-profile cyberattacks against multiple other tech giants. According to reports from earlier this month, the hacking group compromised Nvidia’s internal systems and stole proprietary data from the chipmaker. More recently, Samsung disclosed a breach that compromised “source code relating to the operation of Galaxy devices” and was reportedly carried out by LAPSUS$ as well.
Data breaches affecting the tech industry’s largest companies are fairly rare. Major tech firms make significant investments in cybersecurity: Microsoft, for example, spends about $1 billion every year on protecting its network from hackers. The recent data breaches targeting tech giants could lead the industry’s major players, as well as smaller companies such as startups, to further expand their cybersecurity operations.