Extrotion group Lapsus$ posted screenshots of what it claimed was #okta ’s internal systems. The hackers claimed not to have accessed or obtained data on #okta itself and were focused on the company's customers, which include Govt and Non govt high profile customers.
The hacking group has attacked other high-profile targets in recent weeks, including NVIDIA, Samsung and Ubisoft. NVIDIA confirmed that hackers obtained company data in February, while Lapsus$ claimed to have leaked 190GB of Samsung data
#lapsus$ also released a torrent on Monday that's said to contain 37GB of source code for around 250 projects. The group claims the data includes 90 percent of Bing's source code and 45 percent of Cortana and #Bing Maps code. Other affected projects seem to include websites, mobile apps and web-based infrastructure.
#Okta develops and maintains Identity and Access Management systems. In particular, they provide a Single Sign-On solution. A huge number of large companies employ Okta’s solutions.
While the full scope and impact of the potential attack is not yet clear, the following precautionary steps are recommended to ensure that potential damage is contained:
Revoke all active logins and make all users re-authenticate.
plan to start rotating keys and creds. rotating might force user re authinticate anyway, but the attacker could already have a computer logged into your org so
• Rotate critical credentials managed in Okta solutions, including API keys, passwords, and Multi Factor Authentication tokens. Once this is accomplished and based on ongoing publication of new information, full rotation of all Okta credentials may be advised.
• Investigate Okta Log : Perform a focused investigation into Okta logs to identify irregular access which may indicate malicious activity targeting organizational credentials and systems. This investigation should initially focus on identifying irregular access such as access from uncommon IP address ranges and User Agents or access in highly irregular times of the day or week. If possible, perform these analyses going back to the end of 2021 to cover the currently understood potential length of the breach.
• Critical Asset Access Investigation. Perform a focused investigation to identify potential malicious access to organizational resources leveraging credentials managed in Okta, according to the same logic mentioned above. If such activities are identified, a deep dive investigation should be initiated to assess the full potential scope of the breach.
#lapsus #okta #microsoft #bing
