Digital extortion gang Lapsus$ hacks data of large tech companies: Microsoft

The group said in a series of public posts on the messaging app Telegram this week that it had accessed Okta Inc., the San Francisco-based identity-management firm that provides authentication tools for an array of business clients. 

The group’s Telegram channel posted a series of screenshots that it claimed were evidence of the hack and said that Okta wasn’t the ultimate target. “BEFORE PEOPLE START ASKING: WE DID NOT ACCESS/STEAL ANY DATABASES FROM OKTA - our focus was ONLY on okta customers. ????."

Meanwhile, Okta Chief Security Officer David Bradbury on Tuesday revealed a five-day window in January when an attacker gained access to a laptop for a support engineer who worked for a third-party vendor. Bradbury also said the company had detected an unsuccessful hacking attempt in January. Okta shares fell by more than 8% before recovering almost all the loss Tuesday.

Lapsus$ previously claimed to breach organizations including Nvidia Corp., Samsung Electronics Co., and the gaming company Ubisoft Entertainment SA. The group said it also accessed data from Microsoft Corp.Meanwhile, Microsoft said attackers gained “limited access" to its systems, and that attackers had compromised a single account to gather data.

In recent years, most hacking groups have used malware to encrypt a victim’s files, then demanded payment to unlock them, so-called ransomware. Sometimes the groups steal sensitive data and threaten to make it public unless they are paid.

Lapsus$ functions as a “large-scale social engineering and extortion campaign," though it does not deploy ransomware, Microsoft said. The group uses phone-based tactics to target personal email accounts at victim organizations and pays individual employees or business partners of an organization for illicit access, according to Microsoft.

Lapsus$ also is known for hijacking individual accounts at cryptocurrency exchanges to drain user holdings.