Who are the Lapsus$ hackers and what do they want?

A prolific hacking gang has been making a name for itself with a string of cyberattacks against a range of high-profile targets. In the space of just a few days, a group known as Lapsus$ revealed that it has stolen data from big-name organisations including Microsoft and Okta.

The aim of the Lapsus$ campaign appears to be soliciting ransom payments, with threats to leak stolen information if its extortion demands aren’t met. While this tactic is a familiar one, often used by ransomware gangs as extra leverage to force victims to pay a ransom for a decryption key, in the case of Lapsus$, there’s no sign that ransomware is part of the attacks because no data is encrypted.

But that doesn’t mean that the attacks aren’t damaging: Microsoft Security notes that there’s evidence of a destructive element to the attacks for victims that won’t give in to extortion demands.

Enterprise identity and access management provider Okta is one of the biggest victims of Lapsus$, in an incident in which the company says attackers might have accessed information of around 2.5% of Okta customers – a figure that the company says represents 366 organisations.

Okta disclosed the breach on March 22, and the company said it “contained” an attempted security breach in January. However, Lapsus$ has since claimed that it was able to access a support engineer’s laptop and has posted screenshots claiming access to systems. In a blog post, Okta says the laptop belonged to a support engineer working for a third-party provider and that Okta itself hasn’t been compromised. However, the company says it has contacted those affected. Microsoft has also confirmed that it was compromised by Lapsus$. While the company says the attackers gained limited access, the hackers have posted a torrent file claiming to hold source code from Bing, Bing Maps, and Cortana.

While claiming Okta and Microsoft as victims has drawn eyes to Lapsus$, the group isn’t brand new, having been active since at least December 2021 and claiming a number of victims in recent months.

One of the first victims of the group was the Brazilian Ministry of Health, which saw over 50TB worth of data stolen and deleted from its systems. Among this haul was data relating to the COVID-19 pandemic, including cases, deaths, vaccinations, and more. It took a month before systems were up and running again.

Other victims of Lapsus$ attacks in recent months include a number of technology and gaming companies. In February, Nvidia fell victim to a cybersecurity incident that was attributed to Lapsus$. The group claims to have stolen over 1TB of data from the microchip manufacturer, including employee passwords.

Source: ZDnet