Many of you will have seen various articles regarding the LAPSUS$ extortion group and recently publicised breaches. LAPSUS$ is a relatively new cybercrime group specialising in stealing data from large companies and threatening to publish it unless a ransom demand is paid. The group denies any state links or interest in politics, and its activities suggest a loosely connected group rather than a disciplined organisation. The group has gained notoriety by compromising several high-profile companies in the technology sector, including the identity management platform Okta. eacs would like to confirm that we do not use Okta as an identity management tool.
LAPSUS$ has publicly claimed that it gained access to Microsoft and exfiltrated portions of source code. Microsoft has confirmed that no customer code or data was involved in the observed activities. Their investigation found that a single account had been compromised, granting limited access. Microsoft’s cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity. Microsoft does not rely on the secrecy of code as a security measure, and viewing source code does not lead to the elevation of risk. Microsoft was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated Microsoft’s action, allowing its team to intervene and interrupt the actor mid-operation, limiting broader impact.
For a long time now, eacs has been recommending that all our clients enforce Multi-Factor Authentication and Conditional Access as a means of securing their environments, and incidents such as this put the need for these controls very much in the spotlight. Based on further analysis, eacs is recommending that all clients consider the following steps:
If you are concerned or have any questions, please don’t hesitate to contact your Service Delivery Manager or a member of our team on 0800 8047 256.