Both Microsoft and Okta admitted that their systems were penetrated by the Lapsus$ hacking group, but both companies said that the impact was limited. According to a post on the Microsoft Security blog, the group gained limited access to Microsoft's systems using a single compromised account.
According to the hacking group, the leaked package included 90 percent of Bing's source code and 45 percent of Bing Maps code. Microsoft didn't say whether those products were stolen, but it did say that it doesn't rely on the secrecy of code as a security measure and that viewing source code doesn't lead to elevation of risk. Microsoft said it was able to interrupt the actor in the middle of its operation because of the group's public claims.
In response to the hacking claim, Okta updated its post and revealed that 2.5 percent of its customers may have had their data viewed or acted upon. The company has tens of thousands of customers, but it actually supports hundreds of millions of users according to its website. Okta has already contacted the affected customers.
Okta said that it discovered a five-day window in January during which an attacker had access to a support engineer's laptop. The potential impact to Okta customers is limited because support engineers have only limited access to data. Lapsus$ claimed that the statement was a lie because it was able to log into a portal with the ability to reset the password for 95 percent of the company's clients.
In addition to announcing the results of its investigation, Microsoft has detailed how Lapsus$ operates in its post. The group uses various tactics to gain entry into its targets' systems, such as social engineering and password stealers. It buys credentials on underground forums and pays employees in target organizations to hand over their credentials, approve MFA prompts and, if needed, install remote management software on corporate workstations. At times, it takes control of a user's phone number in order to receive their two-factor codes.
If at first it only gains access to account credentials for someone with limited privileges, it explores the company's collaboration channels like Teams and Slack or exploits vulnerabilities to gain logins for users higher up in the organization. Microsoft said the group stole funds and wallets. It also targeted telecom companies, higher education institutions and government organizations in South America.