In this week’s Cyber Weekly Digest we take a look at some of the latest attacks carried out by the Lapsus$ group, including how Lapsus$ was able to access Okta customer data and the source code for various Microsoft projects. Keep reading to stay up to date with the latest cyber security news from across the globe.
On Tuesday, the data extortion group Lapsus$ posted screenshots in its Telegram channel of what it alleges to be access to Okta's backend administrative consoles and customer data. One of the screenshots showed that Lapsus$ could change customer passwords using Okta's admin panel. Researchers are concerned that the extortion group could have used this 'superuser' access as a way to breach the servers of customers who rely on the company's authentication solutions. Later this week, Okta confirmed that 2.5% of its customers had been affected by the breach.
Thirty cryptocurrency companies were affected by a HubSpot data breach, including BlockFi, Swan Bitcoin and NYDIG. HubSpot claims that the breach had minimal impact and has already notified the affected companies. HubSpot determined that the breach occurred because a threat actor compromised a HubSpot employee account which had "super admin" access on both the internal and external sides of its platform. The exposed data was limited to names, emails, account types, phone numbers and, in some cases, company names.
Microsoft has confirmed that one of its employees was compromised by the Lapsus$ hacking group, allowing the threat actors to access and steal portions of its source code. This week Lapsus$ released 37GB of source code stolen from Microsoft's Azure DevOps server. The source code belongs to various internal Microsoft projects, including Bing, Cortana and Bing Maps. Microsoft shared details of the tactics and procedures used by the threat actors, along with precautions to help protect against them. Microsoft noted that Lapsus$ focuses on obtaining compromised credentials for initial access to corporate networks. Lapsus$ appears to be on a leaking binge, having also claimed this week to have breached Okta and LG Electronics.
New versions of Conti's ransomware source code have reportedly been leaked by a researcher following Conti's public declaration of support for Russia. Over the last weekend, a link to the new package was published under the "Conti Leaks" Twitter handle. Previously, the same pro-Ukraine individual leaked an older version of the ransomware. The source code has been uploaded to VirusTotal and is available for cyber security researchers to analyse the malware. However, threat actors could also adapt the code for their own malware campaigns.
A new supply chain attack has been observed targeting Azure developers with around 218 malicious NPM packages, with the goal of stealing personally identifiable information. Although the entire set of malicious packages was disclosed to the NPM maintainers two days after they were published earlier this week, each of the packages was downloaded around 50 times on average.