"Microsoft And Okta Are Investigating Potential Attacks by The Lapsus$ Hacking Group"
Microsoft and identity authentication company Okta are both investigating potential attacks that may have been carried out by the South American hacking group Lapsus$. The hacking group claims to have stolen source code for Bing, Cortana, and internal Microsoft projects from a server. Lapsus$ released a torrent on Monday containing 37GB of source code for around 250 projects. The group claims the data includes 90 percent of Bing's source code and 45 percent of Cortana and Bing Maps code. Other affected projects seem to include websites, mobile apps, and web-based infrastructure. The leaks reportedly contain internal emails and documentation related to published mobile apps. The torrent is not believed to include code for desktop software such as Windows or Microsoft Office. The same group has also targeted Okta, though the company says it has not yet found evidence of a new breach following an incident in January. In late January 2022, Okta detected an attempt to compromise the account of a third-party customer support engineer working for one of their subprocessors. An Okta spokesperson said they believe the screenshots shared online are connected to this January event. The spokesperson also stated that there is no evidence of ongoing malicious activity beyond the activity detected in January based on the company's investigation to date. The Wall Street Journal reports the hackers claimed not to have accessed or obtained data on Okta itself and were focused on its customers, including Cloudflare, Grubhub, Peloton, Sonos, T-Mobile, and Yahoo. Recently, the hacking group has attacked other high-profile targets, including NVIDIA, Samsung, and Ubisoft.