Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group

Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained “limited access” to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach.

“No customer code or data was involved in the observed activities,” Microsoft’s Threat Intelligence Center (MSTIC) said, adding that the breach was facilitated by means of a single compromised account that has since been remediated to prevent further malicious activity.

The Windows maker, which was already tracking the group under the moniker DEV-0537 prior to the public disclosure, said it “does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.”

“This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact,” the company’s security teams noted.

Identity and access management company Okta, which also acknowledged the breach through the account of a customer support engineer working for a third-party provider, said that the attackers had access to the engineer’s laptop during a five-day window between January 16 and 21, but that the service itself was not compromised.
