Okta investigates LAPSUS$ gang’s compromise claims

Okta, the authentication and identity management giant, is investigating claims supposedly made by malicious hackers that they compromised its internal environment with the intention of targeting Okta customers.

LAPSUS$, a ransomware gang first identified in December 2021, has claimed to have achieved ‘superuser’ access to Okta.com, according to screenshots circulating on Twitter today (March 22).

“For a service that powers authentication systems to many of the largest corporations (and FedRAMP approved) I think these security measures are pretty poor,” reads a message shown in the screenshots.

“Before people start asking: we did not access/steal any databases from Okta – our focus was only on Okta customers,” it continued.

The screenshots also appear to show that the attackers had access to a raft of enterprise accounts, including Jira, AWS, Salesforce, Zoom, Google Workspace, and Confluence within the targeted environment.

San Francisco-based Okta provides Single Sign-On (SSO), multi-factor authentication (MFA), and related services for more than 15,000 customers.

‘No evidence of malicious activity’

Okta responded to LAPSUS$’ claims in a statement issued today:

“In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor. We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.”

Matthew Prince, CEO of Cloudflare, an Okta customer, tweeted earlier today: “We are resetting the @Okta credentials of any employees who’ve changed their passwords in the last 4 months, out of abundance of caution. We’ve confirmed no compromise. Okta is one layer of security. Given they may have an issue we’re evaluating alternatives for that layer.”

Shane Curran, CEO at data security firm Evervault, commented: “Okta currently has hundreds of millions of users and is preparing to scale users rapidly. If confirmed, this breach could wreak havoc on businesses worldwide that rely on the service to keep them safe and could prove to be a nightmare scenario for Okta and its customers.”

Prolific gang

LAPSUS$ has been linked to damaging hacks of Ubisoft, Samsung, and Vodafone in recent weeks. On Monday the prolific group boasted of one of its biggest victims to date, alleging it had compromised Microsoft’s internal Azure DevOps server and subsequently leaked 37GB of stolen source code for several Microsoft projects.

Part of a wider trend, LAPSUS$ appears to favor extorting victims by threatening to publish stolen sensitive data rather than encrypting data and demanding payment in return for a decryption key.

These ransom demands became rather unconventional in the case of US chipmaker Nvidia, which it reportedly tried to blackmail into removing mining hashrate limiters on certain graphics cards and open-sourcing its GPU drivers.

“Most of these attacks have targeted source code repositories allowing them to steal proprietary data,” commented Borja Rodriguez, threat hunting team lead at cybersecurity company Blueliv.

“Even security researchers cannot specify which (if any) ransomware strains the group uses, or how they are breaching these companies. Some of them believe that they recruit employees or insiders that can give them access to any telecommunications companies, large software/gaming corporations, call centers or big server hosts; and also using phishing to gain initial access.”


The Daily Swig has contacted Okta for further comment. We will update this article should we receive a response.

Source: https://portswigger.net/daily-swig/okta-investigates-lapsus-gangs-compromise-claims
