The Lapsus$ hacker group first made news in December 2021 when it conducted a ransomware attack against the Brazilian Ministry of Health, exposing millions of Brazilians’ COVID-19 vaccination data. Since then, the group has built a reputation for itself through a succession of cyberattacks against a variety of high-profile targets.
The Lapsus$ hacking gang disclosed that it had stolen data from big-name companies including Microsoft, Samsung, and Okta. Following previous Lapsus$ attacks, it is thought that their approach is ransomware, and that if their demands are not met, the data will be leaked online. There is no evidence that ransomware is involved in the Lapsus$ attacks, since no data is encrypted. However, this does not change the fact that the attacks are destructive. One of the latest victims of Lapsus$ is the enterprise identity and access management provider Okta.
In a tweet, the Lapsus$ hacker group stated that it had admin privileges at Okta, a company that provides commercial multi-factor authentication. Following a comprehensive examination of these claims, Okta determined that a limited number of customers (2.5 percent) may have been affected and that their data may have been seen or acted upon. Okta has identified those customers and has already contacted them.
According to Okta CISO David Bradbury:
“We are actively continuing our investigation, including identifying and contacting those customers that may have been impacted. There is no impact to Auth0 customers, and there is no impact to HIPAA and FedRAMP customers.”
Since then, Lapsus$ has claimed to have gained access to a support engineer’s laptop and has shared screenshots alleging system access. The images were shared on Telegram and other social media platforms.
Okta received a report from the forensics firm this week after the service provider’s inquiry was completed. According to the report, a hacker had access to a support engineer’s laptop for a five-day period between January 16 and 21, 2022.
In a tweet, Okta admitted that they made a mistake.
Todd McKinnon, the CEO of Okta, tweeted the following statement in response to the incident:
“We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.”
Another attack occurred: Samsung has confirmed a data breach involving a hacker group that appeared to have stolen 190GB of code from the company’s top Galaxy smartphone line. Samsung confirmed that the breach would have no impact on consumers or the company’s operations, but there is still critical concern. The Lapsus$ leak warning did not end there, with allegations that biometric unlock algorithms, bootloader source code, and Samsung activation server code had also been hacked.
According to CNBC, a Samsung spokeswoman said:
“According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices but does not include the personal information of our consumers or employees.”
The attacks go on; Lapsus$ has also revealed that Microsoft has been hacked. The hackers have released a torrent file claiming to have source code from Bing, Bing Maps, and Cortana, even though the company claims the attackers only had limited access.
Lapsus$ also posts messages on its public Telegram channel, urging prospective malevolent insiders to come forward with VPN, VDI, or Citrix credentials in return for an undetermined payment in an unidentified currency.
After the attack on Okta, a report identified an England-based teenager as the hacker group’s leader, with another teenage member living in Brazil. One of the group’s members is said to be so good at hacking that researchers mistook their activity for automated activity. Seven teens were arrested by London police on March 24th in connection with the Lapsus$ group.
Any individuals who believe their account has been hacked should change their password immediately. Businesses should also teach their employees how to spot phishing emails and report them in addition to providing Security Awareness Training.