Tag Archive for: Okta

Who is LAPSUS$, the Gang Hacking Microsoft, Samsung, and Okta?


For the past three months, a mysterious hacker gang has been giving Silicon Valley a migraine of epic proportions. LAPSUS$, a band of cybercriminals with unorthodox techniques and a flair for the dramatic, has been on a white-hot streak—lining tech companies up and knocking ’em down like bowling pins.

The gang’s targets are big: Microsoft, Samsung, Nvidia, Ubisoft, and, most recently, identity verification firm Okta, have all been hit with humiliating cyberattacks. In nearly all these cases, LAPSUS$ wormed its way deep into the corporations’ networks, where it then stole pieces of source code—the digital DNA of proprietary software. After that, the gang almost always leaked the code all over the internet, embarrassing the victim and spilling company secrets into the ether.

The group’s hacking acumen has led it into the innermost sanctums of multi-billion dollar companies, but some security researchers say that LAPSUS$ may ultimately be composed less of hardened cybercriminals than of undisciplined amateurs. Indeed, a bunch of them may be literal children. On Thursday, British authorities announced the arrest of seven people said to be connected to the gang, who allegedly ranged in age from 16 to 21. The ringleader of the gang is reputed to be a 16-year-old kid from Oxford, England. That hacker, who goes by the pseudonym “White,” appears to have recently had his identity leaked to the internet by a rival cybercrime faction. In short: after a string of victories and a lot of notoriety, things don’t appear to be going particularly well for LAPSUS$—and the group may be in over its head.

“Unlike most activity groups that stay under the radar…[LAPSUS$] doesn’t seem to cover its tracks,” said researchers with Microsoft’s Threat Intelligence Center, in a recent blog post. “They go as far as announcing their attacks on social media or advertising their intent to buy credentials from employees of target organizations…[the gang] also uses several tactics that are less frequently used by other threat actors tracked by Microsoft.” Yet it’s those very tactics that make the gang so fascinating.

The…

Source…

As teen hacker is linked to Lapsus$, Okta provides more details on data breach


Shares in identity and access management company Okta Inc. dropped today as it provided more details about the company’s data breach, and as the mastermind behind the Lapsus$ ransomware gang that had taken credit for the breach was reported to be a 16-year-old boy from the U.K.

As reported yesterday, both Okta and Microsoft Corp. were targeted by Lapsus$. In Okta’s case, screenshots of internal Okta information were shared on Telegram late Monday.

Okta has confirmed that there was a breach and Chief Security Officer David Bradbury has shared a full rundown of what occurred, including a complete timeline of what happened and when.

Bradbury went through when Okta first became aware of a compromise, and the story starts on Jan. 20 at 11:18 p.m. The company received an alert that a new factor had been added to a Sitel Group employee’s Okta account from a new location. Sitel is one of several companies that Okta employs as a “sub-processor” to provide customer support.

Within 28 minutes of the initial alert, the change of details was escalated to a security incident. By 12:28 a.m. Jan. 21, the Okta service desk terminated the user’s Okta sessions and suspended the account. Later the same day, Okta shared the details with Sitel, which then said it had retained outside support from a leading forensics firm.

The forensics firm delivered a report to Sitel on March 10, with a summary report sent to Okta on March 17. Then, things took a turn, as Lapsus$ shared screenshots on March 22. Sitel then delivered the full report to Okta later the same day.

Following the back and forth, Okta ascertained that the screenshots had been taken from a Sitel support engineer’s computer. The engineer’s computer had been remotely accessed by an attacker using the remote desktop protocol. Okta noted that although the attacker never gained access to Okta itself via account takeover, the engineer’s computer, which was logged into Okta, was compromised, so the attacker was able to take screenshots and control the machine through the RDP session.

“I am greatly disappointed by the long period of time that transpired between our notification to Sitel and the issuance of the complete investigation report,” Bradbury wrote. “Upon…

Source…

Lapsus$ Ransomware Continues Its Attack: OKTA Is Its Latest Victim – Synopsys – Information Security Buzz

Source…

Authentication firm Okta says up to 366 customers potentially hit by hack


By Raphael Satter

WASHINGTON (Reuters) – Hundreds of customers of digital authentication firm Okta Inc have possibly been affected by a security breach caused by a hacking group known as Lapsus$, the company said on Tuesday.

The breach has sparked concern since the cyber extortion gang posted what appeared to be internal screenshots from within the organization’s network roughly a day ago.

In a series of blog posts, Chief Security Officer David Bradbury said the “maximum potential impact” was to 366 customers whose data was accessed by an outside contractor, Sitel.

The contractor employed an engineer whose laptop the hackers had hijacked, he added.

The 366 number represented a “worst case scenario,” Bradbury cautioned, adding that, in any case, the hackers had been constrained in their range of possible actions.

Okta, based in San Francisco, helps employees of more than 15,000 organizations securely access their networks and applications, so a breach at the company could lead to serious consequences across the Internet.

Bradbury said the intrusion would not have given “god-like access” to the intruders as they would have been unable to perform actions such as downloading customer databases or accessing Okta’s source code.

Okta first got wind of the breach in January, he added, while the Miami-based Sitel Group only received a forensic report about the incident on March 10, giving Okta a summary of the findings a week later.

Bradbury said he was “greatly disappointed by the long period of time that transpired between our notification to Sitel and the issuance of the complete investigation report.”

Sitel did not immediately return a message seeking comment early on Wednesday.

(Reporting by Raphael Satter; Editing by Shri Navaratnam)

Source…