Hackers Lapsus$ reportedly create chaos, but Okta maintains no breach occurred in their security system

In a series of recent cyberattacks, the extortion group Lapsus$ has claimed responsibility for breaches at tech giants Nvidia, Microsoft, and Okta.

Following the Nvidia breach in February, the company took immediate steps to shore up security, hiring incident response experts and notifying law enforcement. Microsoft is currently investigating the claims made by Lapsus$, which also alleges responsibility for breaches at Nvidia in February and Microsoft on Monday.

The Lapsus$ group has also shared claims of breaches and leaks at Samsung and LG Electronics, according to screenshots shared by vx-underground. However, inquiries to Samsung and LG were not immediately returned.

Okta, a leading identity and access management company, has over 15,000 customers and partners, including Amazon Web Services, Microsoft, and Google Cloud. The company was impacted by the Log4j vulnerability, as stated in a December statement. Okta issued a statement on Tuesday denying any ongoing security incident following claims of a breach by Lapsus$. The company also noted that it deployed mitigations and patches for components of its identity service that used Log4j shortly after initial disclosure. Okta is continuing its investigation and will provide more information as it becomes available.

The screenshots connected with the alleged Okta breach are believed to be related to a January security incident where a third-party customer support engineer's account was compromised. The group claimed to have accessed source code for Bing, Bing Maps, and Cortana, according to screenshots from their official Telegram channel.

Okta's high-profile customer base, which includes the three largest cloud service providers, makes it a potentially attractive target for cyberattacks. Given the reported connections to previous security incidents involving vulnerabilities in Windows systems and authentication protocols, the companies potentially affected by the Okta security breach could include prominent tech firms such as Microsoft and Apple.

This trend suggests a growing awareness and concern about cybersecurity among corporate stakeholders. Corporate stakeholders are increasingly interested in understanding the risk calculus of their technology stacks, asking whether they are potential targets. This growing awareness and concern about cybersecurity is a positive development, as it encourages companies to prioritise and invest in robust cybersecurity measures.

Hackers Lapsus$ reportedly create chaos, but Okta maintains no breach occurred in their security system