Microsoft and Okta investigate potential attacks by Lapsus$ hacking group
and identity authentication firm Okta are both investigating potential attacks that may have been carried out by South American hacking group Lapsus$. The collective claims to have stolen the source code of and internal Microsoft projects on a server.
Lapsus$ released a torrent on Monday that reportedly contains 37GB of source code for around 250 projects, according to . The group says the data includes 90% of Bing’s source code and 45% of Cortana and Bing Maps code. Other affected projects appear to include websites, mobile apps, and web infrastructure.
The leaks allegedly contain internal emails and documentation related to released mobile apps. The torrent is believed not to include code for office software such as Windows or Microsoft Office. Engadget has contacted Microsoft for comment.
The same group has also targeted Okta, although the company says it has yet to find evidence of a new breach following an incident in January.
“In late January 2022, Okta detected an attempt to compromise the account of a third-party customer support engineer working for one of our contractors,” an Okta spokesperson told Engadget. “The contractor has investigated the matter and contained it. We believe the screenshots shared online are related to this January event. Based on our investigation to date, there is no no evidence of ongoing malicious activity beyond the activity detected in January.”
Lapsus$ posted screenshots of what it claimed were Okta’s internal systems. As reports, the hackers claimed they did not access or obtain data from Okta itself and were focused on the company’s customers, including Cloudflare, Grubhub, Peloton, Sonos, T-Mobile and Engadget parent Yahoo.
The hacking group has attacked other high-profile targets in recent weeks, including NVIDIA and . NVIDIA that the hackers obtained the company’s data in February, while $Lapsus claimed to have .