Microsoft has confirmed that the LAPSUS$ extortion-focused hacking group had acquired limited access to its systems. Authentication services provider Okta also revealed that roughly 2.5 percent of its clients could be affected by the incident.
Both Microsoft and Okta are investigating reports that their systems have been compromised by the new, precocious data extortion gang Lapsus$.
Lapsus$ claimed to have gained admin access to internal systems at Okta, an authentication company. It also uploaded 40GB of information to its Telegram channel, including screenshots and source code from Microsoft’s internal projects and systems, according to the organization. In its rebuttal, LAPSUS$ claims that Okta was storing Amazon Web Services (AWS) keys within Slack and that support engineers appear to have “excessive access” to the messaging platform.
Read More: https://threatpost.com/lapsus-data-kidnappers-claim-snatches-from-microsoft-okta/179041/