Home Lapsus$ group hits authentication firm with breach

Lapsus$ group hits authentication firm with breach

March 22 –  The Lapsus$ threat actor group has recently been linked to cyber attacks on high-profile targets, including the authentication firm known as Okta. With a $25 billion market cap, Okta manages login information for more than 100 million internet users across organizations and governments.

In the Okta breach, cyber criminals are believed to have accessed corporate networks and applications through the retrieval of private key information. Despite significant concern following the incident, “The potential impact to Okta customers is limited to the access that support engineers have,” stated Okta Chief Security Officer David Bradbury.

Lapus$ threat activity

The Lapsus$ group conveyed that their motives pertain to financial resources, and that the group is not state-sponsored. They’ve also claimed that no data has been stolen from Okta and that their focus was on targeting Okta customers.

Lapsus$ threat actors were first identified by cyber security researchers in December of 2021. The majority of the group’s activities center around disrupting technology companies and government agencies.

Protect against compromised identities

Worried about similar identity-access focused breaches? There are a variety of solutions and techniques that can assist your organization in protecting identities, detecting compromised identities, and suspicious identity behavior.

  • Cloud Guard Intelligence– Continuously analyzes account activity across cloud services (GCP, AWS & Azure) detecting anomalies that may indicate compromised identities.
  • Cloud Guard Posture management provides a IAM Safety capability that enables an AWS IAM Dynamic Authorization solution, providing protection against malicious cloud control plane attacks and unintentional privileged user error.

Actionable insights for Okta customers

Check Point Research strongly advocates for Okta customers to exercise extreme vigilance and to strengthen cyber security practices.

If you are using Okta to authenticate Check Point Products, Check Point Software recommends review auditing and log-in activities recently done with Check Point products. More detailed information can be found on Check Point’s blog.