The South American hacker group Lapsus$ continues to cause chaos and reveals new stolen data. Through his Telegram thread, again, he has just published 37 GB of source code apparently from Microsoft.
This data would concern, among other things, Bing, Bing Maps and Cortana software. However, according to BleepingComputer, they would not include source codes of desktop applications, but would be linked to websites, web frameworks and mobile applications. Which is already a lot. Microsoft has not confirmed this data theft, but has launched an investigation.
In addition, Lapsus$ has published a text file containing “all the fingerprints [de mots de passe, NDLR] employee accounts and LGE.com service accounts”.
A bit teasing, the hackers report that this is the second time in less than a year that they have managed to break into LG’s network.
“It might be a good idea to change the CSIRT team [centre d’alerte et de réaction aux attaques informatiques, NDLR] »write the hackers on Telegram.
Also see video:
More worryingly, the hackers have published images showing that they were able to access the internal systems of Okta, an American company specializing in access and identity management.
The cyber thugs say they did not steal any data from Okta. They would have used this service provider to access their customers’ data. And among these are many large accounts such as FedEx, Engie, HP, Sonos, Nasdaq, Groupon, Mazars, T-Mobile, Zoom, HackerOne, Hertz, Moody’s, MGM Resorts, etc.
Separately, the hackers reported being able to access Okta’s systems for more than two months, which could have given them plenty of time to shop. If true, this would be a major hack with huge repercussions to come.
Unfortunately, Lapsus$ has so far never told canards. For its part, Okta minimizes the situation for the moment. On Twitter, its CEO speak only of one “access attempt” limited to a customer’s support engineer account. We’ll see, and probably soon enough.
Source : BleepingComputer