The Lapsus$ hacker group first made news in December 2021 when it conducted a ransomware attack against the Brazilian Ministry of Health, exposing millions of Brazilians' COVID-19 vaccination data. Since then, with a succession of cyberattacks against a variety of high-profile targets, the group has made a reputation for itself.
The Lapsus$ hacking gang disclosed that it had stolen data from big-name companies including Microsoft, Samsung, and Okta. Following previous Lapsus$ attacks, it is thought that their approach is ransomware, and that if their demands are not met, the information will be leaked online. There is no evidence that ransomware is involved in the Lapsus$ attacks, since no data is encrypted. However, this does not remove the fact that the attacks are destructive. One of the latest victims of Lapsus$ is the enterprise identity and access management provider Okta.
In a tweet, the Lapsus$ hacker group stated they had admin privileges at Okta, a company that provides commercial multi-factor authentication. Following a comprehensive examination of these claims, Okta determined that a limited number of customers (2.5 percent) may have been affected and that their data may have been seen or acted upon. Okta has identified those customers and has already contacted them.
According to Okta CISO David Bradbury:
“We are actively continuing our investigation, including identifying and contacting those customers that may have been impacted. There is no impact to Auth0 customers, and there is no impact to HIPAA and FedRAMP customers.”
Since then, Lapsus$ has claimed to have gained access to a support engineer's laptop and has shared screenshots alleging system access. The following images were shared on Telegram and other social media platforms.
Okta received a report from the forensics firm this week after the service provider's investigation was completed. A hacker had access to a support engineer's laptop for a five-day period between January 16 and 21, 2022, according to the report.
In a tweet, Okta admitted that they made a mistake.
Todd McKinnon, the CEO of Okta, tweeted the following statement in response to the incident:
“We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.”
Another attack occurred; Samsung has confirmed a data breach involving a hacker group that appeared to have stolen 190GB of code from the company's top Galaxy smartphone line. Samsung confirmed that the breach would have no impact on consumers or the company's operations, but there is still critical concern. The Lapsus$ leak alert did not end there, with allegations that biometric unlock algorithms, bootloader source code, and Samsung activation server code were also hacked.
According to CNBC, a Samsung spokeswoman said:
“According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices but does not include the personal information of our consumers or employees.”
The attacks continue; Lapsus$ has also revealed that Microsoft has been hacked. The hackers have released a torrent file claiming to have source code from Bing, Bing Maps, and Cortana, even though the company claims the attackers only had limited access.
Lapsus$ also posts messages on its public Telegram channel, urging prospective malevolent insiders to come forward with VPN, VDI, or Citrix credentials in return for an undetermined payment in an unidentified currency.
After the attack on Okta, a report identified an England-based teenager as the hacker group's leader, with another teenage member living in Brazil. One of the group's members is said to be so good at hacking that researchers mistook their activity for automated. Seven teens were arrested by London police on March 24th in connection with the Lapsus$ group.
Any individuals who believe their account has been hacked should change their password immediately. Businesses should also teach their employees how to spot phishing emails and report them, in addition to providing Security Awareness Training.