Samsung Hackers Strike Again, This Time Targeting Microsoft, Okta

Lapsus$, the ransomware group behind recent cyberattacks on Nvidia and Samsung, has struck again, this time targeting computer giant Microsoft and authentication company Okta.

On Tuesday, Microsoft confirmed that the group, which the company calls DEV-0537, accessed and stole parts of its products’ source code. The announcement came a day after the group said via its Telegram channel that it had uploaded 37GB of data online, allegedly consisting of portions of source code for Bing, Bing Maps and Cortana.


“The objective of DEV-0537 actors is to gain elevated access through stolen credentials that enable data theft and destructive attacks against a targeted organization, often resulting in extortion,” wrote Microsoft Threat Intelligence Centre (MSTIC) in a blog post.


In the Nvidia breach, Lapsus$ held proprietary source code for ransom, demanding the company remove the lite hash rate (LHR) in its RTX 30 series graphics cards. LHR is a feature that limits the Ethereum mining capabilities of the company’s graphics cards.


The threat actor’s motives in these recent attacks remain unclear as it has yet to issue any demands.


Microsoft said that the theft of the code is not severe enough to be a cause for concern, noting that its response teams quickly got on top of the situation and stopped the compromised account from accessing further data.


“Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk,” the company added.


Meanwhile, Okta, a company that provides identity authentication services, confirmed that it was also hit by hackers in January, but the scope of the breach is not yet known.

“In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors,” Okta Chief Todd McKinnon wrote in a tweet. “The matter was investigated and contained by the subprocessor.”


The company says that some of its customers may be affected, though it’s “limited to the access that support engineers have,” as Chief Security Officer David Bradbury pointed out.


“There are no corrective actions that need to be taken by our customers,” he said.


The breach was confirmed by the company after a screenshot of Okta’s internal communications was shared by Lapsus$ in its Telegram channel.


Some of Okta’s customers like FedEx and Cloudflare have conducted their own investigations after the breach but have yet to find any signs that they’ve been compromised.


Microsoft and Okta both issued statements saying that they’re in the process of investigating the attacks and will take the necessary actions to try to prevent them in the future.


Not much is known yet about Lapsus$, which only emerged late last year, but the group’s recent string of high-profile attacks on Nvidia, Samsung and Ubisoft has put it on a lot of companies’ radars as a threat to watch out for.

 
  • The ransomware group Lapsus$ has struck again, this time targeting computer giant Microsoft and authentication company Okta.

  • Microsoft confirmed that it suffered a security breach after the hackers leaked stolen source code for some of its products online.

  • Okta similarly confirmed an attack in January after the group shared a screenshot of the company's internal communications on its Telegram channel.

  • Microsoft maintains that the attack is not a cause for concern, while Okta says no corrective actions are required on the part of its customers.


