WASHINGTON - March 22, 2022 - Okta Inc (OKTA.O), a supplier of authentication services, said on Tuesday that it is looking into a complaint of a data breach after hackers shared pictures of what they said was its internal corporate environment.
Because hundreds of other organizations rely on Okta to control access to their own networks and apps, a breach at the San Francisco-based corporation may have huge ramifications.
Okta spokesman Chris Hollis stated in a brief statement that the business was aware of the accusations and was looking into them.
"As additional information becomes available, we will make updates," he continued.
The screenshots were shared late Monday on the Telegram channel of a group of ransomware-seeking hackers known as LAPSUS$. The organization stated in an accompanying post that their emphasis was "ONLY on Okta consumers."
The screenshots looked to be genuine, according to security experts.
"I absolutely believe that is legitimate," said independent security researcher Bill Demirkapi, who cited screenshots of what seemed to be Okta's internal tickets and an internal Slack discussion.
Umair Akbar, senior cloud security engineer at a consultancy, agreed that the hack was real and advised Okta users to be "very alert right now."
"There are timestamps and dates evident in the pictures showing January 21st of this year, which shows they may have had access for two months," Akbar wrote in an email.
After the Lapsus$ ransomware group claimed access to its networks, Okta, a prominent Single Sign-On provider that allows customers to use one account to enter into various digital services, acknowledged to The Record Tuesday that it is investigating a potential breach.
"Okta is aware of the claims and is presently investigating," said Chris Hollis, senior communications manager at Okta, in an email to The Record. "As additional information becomes available, we will offer updates." The probe has already been verified by Reuters. The probe was originally confirmed by Reuters.
Lapsus$ is a new threat actor that has been connected to attacks on digital infrastructure, notably chipmaker NVIDIA, over its tumultuous history. An assault on Okta, if confirmed, would be a huge breach of digital supply networks.
In recent years, the US Cybersecurity and Infrastructure Agency (CISA) has focused on securing digital supply chains.
CISA and the US President both issued warnings on Monday based on "developing intelligence" regarding Russian state-sponsored attempts to disrupt key infrastructure in reaction to financial penalties imposed in response to Russia's invasion of Ukraine.
"If you haven't already done so," the president said in a statement Monday, "I urge our private sector partners to quickly enhance their cyber defenses by applying the best practices we've created together over the previous year."
Lapsus$ claimed to have leaked 37 GB of stolen source code for Bing, Cortana, and other Microsoft projects on Monday, and Microsoft acknowledged it was looking into the matter.
Additionally, the gang claimed today that they had infiltrated LG Electronics (LGE) for the "second time" in a year, albeit this claim has not been corroborated by BleepingComputer:
LG Electronics is said to have been hacked by Lapsus. Mercado Libre announced last month that they had been hacked by Lapsus$, which has previously published terabytes of sensitive material reportedly obtained from top businesses such as Samsung and NVIDIA.
Material extortion gangs like as Lapsus$ penetrate victims, but instead of encrypting private files like ransomware, these actors steal and hold on to victims' proprietary data, which they then disseminate if their extortion demands are not satisfied.
If Lapsus$' allegations of a breach of Okta's systems prove to be true, it'll be interesting to see how many of Okta's clients were affected and to what degree.
Company Name: National Alliance for Cybersecurity Advancement
Contact Person: Media Relations
Email: Send Email
Country: United States