A prominent hacking group is creating more headaches for some of the world’s biggest companies. Lapsus$ has previously claimed responsibility for high-profile of hacks of Samsung and NVIDIA, and has now posted screenshots that indicate that it has gained access to Okta’s backend systems.
If true, the hack could have a massive ripple effect across multiple industries. Lapsus$ has posted screenshots that were purportedly pulled from Okta’s internal Slack channels on its Telegram account, and claims to have had Superuser/Admin access to Okta’s systems for the past two months. However, the group has stated that Okta is not its primary target, and that it is instead looking to go after some of the more than 15,000 organizations that rely on Okta for cybersecurity. In that regard, Okta’s client roster includes corporate giants like FedEx and T-Mobile, in addition to government agencies like the FCC.
For its part, Okta is currently investigating the Lapsus$ claim, though the company seems to believe that Lapsus$ has overstated its case and its level of access. An Okta spokesperson acknowledged that there was a cybersecurity incident in January, in which a hacker attempted to compromise the account of a third party support engineer working with an Okta subprocessor. The spokesperson went on to state that the problem was identified and contained at that time, and that there is no evidence of someone with unapproved access.
That is obviously at odds with the Lapsus$ post, and it is not yet clear whose version of events is correct. Okta believes that the screenshots were pulled from that January attack. Lapsus$, on the other hand, says that Okta is still dealing with an ongoing concern, and that it has not managed to purge all of the malicious actors from its systems.
Either way, Okta’s customers are advised to be extra vigilant at the current moment. Several independent cybersecurity experts have indicated that Lapsus$ has provided enough evidence to lend credibility to its claims, so anyone using Okta for authentication should be on high alert for any signs of malfeasance, at least until the situation is fully investigated.
Lapsus$ was able to obtain key source code in the Samsung and NVIDIA cases, and in the latter instance threatened to release that code unless NVIDIA eases its cryptocurrency mining restrictions. It seems likely that the Okta attack is also financially motivated, although it is not yet clear if the group has made any demands of the security provider.