Site icon TechNewsBoy.com

Microsoft and Okta detail the impact of recent Lapsus$ attacks

Both Microsoft and Okta have admitted that their systems were indeed infiltrated by the Lapsus$ hacking group, but both companies also said that the cyberattack’s impact was limited. In a post on the Microsoft Security blog, the tech giant has revealed that the group gained limited access to its systems using a single compromised account. 

When the hacking group released a torrent with stolen data, it said the package included 90 percent of Bing’s source code and 45 percent of Cortana and Bing Maps code. Microsoft didn’t say whether those products’ codes were indeed stolen, but it explained that it “does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.” Apparently, the company was already investigating the compromised account even before Lapsus$’s announcement. The group’s move prompted Microsoft to move more quickly, allowing it interrupt the bad actor in the middle of its operation, thereby limiting its impact.

Meanwhile, Okta updated its old post made in response to the hacking claim and revealed that approximately 2.5 percent of its customers may have had their data viewed or acted upon. While the company has tens of thousands of customers, it actually supports “hundreds of millions of users,” according to its website. Okta confirmed it has already contacted the affected customers directly via email. 

Okta previously said that it discovered a five-day window in January where an attacker had access to a support engineer’s laptop. However, it said the potential impact to Okta customers is limited, because support engineers only have access to limited data. Lapsus$ claimed that the statement was a lie, because it was able to log into a “superuser portal with the ability to reset the password and MFA” of around 95 percent of the company’s clients.

In addition to announcing the results of its investigation, Microsoft has also detailed how Lapsus$ operates in its post. The group apparently uses various tactics to gain entry into its targets’ systems, such as relying on social engineering and using password stealers. It also purchases logins from underground forums and even pays employees working in target organizations to use their credentials, approve MFA prompts and to install remote management software on a corporate workstation if needed. At times, it also performs SIM-swapping attacks to get access to a user’s phone number in order to receive their two-factor codes. 

If it only gains access to account credentials for someone with limited privileges at first, it explores the company’s collaboration channels like Teams and Slack or exploits vulnerabilities to gain logins for users higher up in the organization. Microsoft said the group started by targeting cryptocurrency accounts, stealing wallets and funds. Eventually, it also targeted telecom companies, higher educational institutions and government organizations in South America and then worldwide. 

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@technewsboy.com. The content will be deleted within 24 hours.
Exit mobile version