{"id":21410,"date":"2022-03-24T18:13:34","date_gmt":"2022-03-24T18:13:34","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=21410"},"modified":"2022-03-29T23:39:45","modified_gmt":"2022-03-29T23:39:45","slug":"lapsus-microsoft-okta-nvidia-samsung","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/","title":{"rendered":"LAPSUS$ Cyber Crime Spree Nabs Microsoft, Okta, NVIDIA, Samsung"},"content":{"rendered":"<p>The LAPSUS$ threat group has had an attention-grabbing month, snaring high-profile victims like Microsoft, <a href=\"https:\/\/www.esecurityplanet.com\/products\/okta-identity-cloud\/\">Okta<\/a>, NVIDIA, Samsung and others.<\/p>\n<p>On March 22, Microsoft confirmed a substantial breach by the LAPSUS$ hacking group. In a <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2022\/03\/22\/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction\/\" target=\"_blank\" rel=\"noopener\">blog post<\/a> detailing its efforts to track and contain the breach, Microsoft described LAPSUS$ as a &#8220;large scale <a href=\"https:\/\/www.esecurityplanet.com\/threats\/social-engineering-attacks\/\">social engineering<\/a> and extortion campaign.&#8221;<\/p>\n<p>In a short amount of time, LAPSUS$ has collected a substantial number of victims \u2014 and shows no signs of stopping.<\/p>\n<p>Among cybercriminals, LAPSUS$&#8217;s attacks are uniquely public and technologically blunt \u2014 the equivalent of striking a digital infrastructure with a baseball bat. This simple approach has proven extraordinarily effective, although it&#8217;s unknown how much the LAPSUS$ group has profited from its exploits.<\/p>\n<h2>The Victims: Microsoft, Okta, and Many Others<\/h2>\n<p>LAPSUS$ has racked up a substantial number of victims \u2014 all large organizations with source code and proprietary information to protect.\u00a0 LAPSUS$ doesn&#8217;t appear to be using overtly sophisticated intrusion methods but instead relying on social engineering and purchased accounts.<\/p>\n<p>In a very active month, the South American threat group has racked up an alarming list of victims:<\/p>\n<ul>\n<li>In late February, LAPSUS$ hacked and then released <a href=\"https:\/\/www.techrepublic.com\/article\/nvidias-breach-might-help-cybercriminals-run-malware-campaigns\/\" target=\"_blank\" rel=\"noopener\">NVIDIA&#8217;s DLSS source code<\/a> while claiming it had maintained access to NVIDIA&#8217;s servers for an entire week. NVIDIA <a href=\"https:\/\/nvidia.custhelp.com\/app\/answers\/detail\/a_id\/5333\" target=\"_blank\" rel=\"noopener\">confirmed the attack<\/a> and indicated that a LAPSUS$ operative had gained access through employee credentials. NVIDIA&#8217;s DLSS codebase is said to include next-generation AI-powered image rendering technology, so the hack of the leading chipmaker could potentially lead to widespread damage.<\/li>\n<li>A week later, Samsung released a statement stating that it had also experienced a cybersecurity breach, including source code for its Galaxy Smartphones. While it did not identify LAPSUS$ as its attacker, LAPSUS$ later posted 190 GB of Samsung data, including Samsung&#8217;s biometric authentication and bootloader source code.<\/li>\n<li>Mid-March, popular game developer Ubisoft <a href=\"https:\/\/portswigger.net\/daily-swig\/cybersecurity-incident-at-ubisoft-disrupts-operations-forces-company-wide-password-reset\" target=\"_blank\" rel=\"noopener\">reported a data breach<\/a>. It&#8217;s unknown what data was compromised. Though the attack hasn&#8217;t been directly attributed to LAPSUS$, there was chatter on the LAPSUS$ Telegram regarding the attack.<\/li>\n<li>On March 22, Okta, a Single Sign-On service provider, <a href=\"https:\/\/www.techrepublic.com\/article\/okta-customer-data-targeted-lapsus\/\" target=\"_blank\" rel=\"noopener\">confirmed<\/a> that attackers had breached its system &#8211; an attack that occurred in January. The investigation is ongoing. According to Okta, at least 366 customers have been impacted by the breach. Screenshots released by LAPSUS$ indicated that they acquired access to customer support tickets, Slack messages, and internal user management tools. Approximately 15,000 organizations use Okta services.<\/li>\n<li>As of March 23, LAPSUS$ has leaked 37 GB of Microsoft\u2019s internal source code through torrents. The breach includes partial code from Bing, Cortana, and Bing Maps. Microsoft has stated that it does not rely upon the secrecy of its source code for its security.<\/li>\n<\/ul>\n<p>Other potential victims of LAPSUS$ include <a href=\"https:\/\/www.reuters.com\/technology\/vodafone-portugal-hit-by-hackers-says-no-client-data-breach-2022-02-08\/\" target=\"_blank\" rel=\"noopener\">Vodafone Portugal<\/a> (Feb 2022) and <a href=\"https:\/\/investor.mercadolibre.com\/static-files\/b63e4e36-b13d-41a7-87dd-b17c50b126d3\" target=\"_blank\" rel=\"noopener\">Mercado Libre<\/a> (March 2022).<\/p>\n<h2>Who is the LAPSUS$ Hacking Group?<\/h2>\n<p>According to Kari Walker of Flashpoint, surprisingly little is known about the LAPSUS$ hacking group. They have swiftly made a name for themselves by targeting numerous high-profile companies in swift succession. Though their attacks accelerated in March, LAPSUS$ first became <a href=\"https:\/\/blog.malwarebytes.com\/awareness\/2022\/03\/okta-admits-366-customers-may-have-been-impacted-by-lapsus-breach\" target=\"_blank\" rel=\"noopener\">active in 2021<\/a>. Based on their use of Spanish and Portuguese and their early targets, they are believed to be a South American group.<\/p>\n<p>Until LAPSUS$, most recent hacker groups focused on <a href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware-protection\/\">ransomware<\/a>. Ransomware attacks encrypt data and require that the victim pay a ransom for the data&#8217;s release. Just between January and February, ransomware attacks rose by 53%, according to NCC Group. The <a href=\"https:\/\/www.esecurityplanet.com\/trends\/colonial-pipeline-ransomware-attack\/\">Colonial Pipeline attack<\/a> of 2021 made significant waves when it revealed how vulnerable even <a href=\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/\">critical infrastructure<\/a> could be.<\/p>\n<p>However, LAPSUS$ isn&#8217;t a ransomware group \u2014 it&#8217;s an extortionist group. Rather than encrypting data and holding it for ransom, LAPSUS$ collects data and blackmails organizations to prevent its release. LAPSUS$ appears to coordinate through Telegram to execute their cyber extortion campaigns.<\/p>\n<p>New broke today of the <a href=\"https:\/\/www.bbc.com\/news\/technology-60864283\" target=\"_blank\" rel=\"noopener\">arrest of several LAPSUS$ members<\/a> in the U.K., but it remains to be seen if the arrests put a dent in the group&#8217;s operations.<\/p>\n<p>Also read: <a href=\"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/\">SANS Outlines Critical Infrastructure Security Steps as Russia, U.S. Trade Cyberthreats<\/a><\/p>\n<h2>Social Engineering and Cyber Crime<\/h2>\n<p>It&#8217;s not known how LAPSUS$ is breaching high-profile systems, but it appears they are primarily relying on social engineering techniques. Microsoft&#8217;s blog post noted that LAPSUS$ readily discloses its targets and openly offers to purchase employee credentials. Other strategies in use include phone-based social engineering and personal email breaches.<\/p>\n<p>For a security officer, these threats are a nightmare to counter. But they also require malicious or negligent actors within the organization. Companies can take action to shore up their systems by identifying the hallmarks of potential intrusion, such as employees logging in from unknown locations or performing suspicious activities.<\/p>\n<p><a href=\"https:\/\/www.esecurityplanet.com\/products\/best-user-and-entity-behavior-analytics-ueba-tools\/\">UEBA<\/a> and <a href=\"https:\/\/www.esecurityplanet.com\/products\/cybersecurity-training\/\">employee cybersecurity training<\/a> could address both suspicious activity and employee mistakes.<\/p>\n<figure id=\"attachment_21414\" aria-describedby=\"caption-attachment-21414\" style=\"width: 400px\" class=\"wp-caption alignright\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-21414\" src=\"https:\/\/www.esecurityplanet.com\/wp-content\/uploads\/2022\/03\/lapsus-300x265.png\" alt=\"lapsus$\" width=\"400\" height=\"354\" srcset=\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/03\/lapsus-300x265.png 300w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/03\/lapsus-768x679.png 768w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/03\/lapsus-150x133.png 150w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/03\/lapsus-696x615.png 696w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/03\/lapsus.png 847w\" sizes=\"(max-width: 400px) 100vw, 400px\" \/><figcaption id=\"caption-attachment-21414\" class=\"wp-caption-text\">LAPSUS$ recruitment ad via Microsoft<\/figcaption><\/figure>\n<h2>The Threat of Cyber Extortion<\/h2>\n<p>Blackmail inherently requires that an organization have data that it doesn&#8217;t want to be exposed. Following the Microsoft hack, LAPSUS$ released torrents containing partial source code for Bing Maps, Cortana, and Bing. During the NVIDIA attack, LAPSUS$ released confidential and potentially ground-breaking IP.<\/p>\n<p>Microsoft&#8217;s major concern would be that revealing this source code could open them up to <a href=\"https:\/\/www.esecurityplanet.com\/products\/vulnerability-management-software\/\">security vulnerabilities<\/a>. However, proponents of open source development would likely note that the release of source code does not have to be inherently damaging.<\/p>\n<p>&#8220;[The hack] highlights the need for secure development processes, SAST and DAST scans, secret scans, etc. It is also a good reminder that organizations should treat their code as if it were open source, and if their code is exposed, then minimal damage will occur,&#8221; according to Yakir Kadkoda, Lead Security Researcher at Aqua Security.<\/p>\n<p>NVIDIA&#8217;s case is a little more complex, as it opens the company up to potential infringements of their new technology.<\/p>\n<p>Also read: <a href=\"https:\/\/www.esecurityplanet.com\/products\/devsecops-tools\/\">Best DevSecOps Tools<\/a><\/p>\n<h2>Okta LAPSUS$ Protection<\/h2>\n<p>SecurityScorecard&#8217;s Chief Information Security Officer, Mike Wilkes, outlined a few critical ways that Okta customers, in particular, should secure their environments:<\/p>\n<ul>\n<li>Check admin events\/logs for suspicious activities<\/li>\n<li>Verify that &#8220;Give Access to Okta Support&#8221; is disabled<\/li>\n<li>Disable &#8220;Give Directory Debugger Access to Okta Support&#8221;<\/li>\n<li>Check to see if any unidentified API tokens have been created<\/li>\n<\/ul>\n<p>In general, to avoid these forms of attack, organizations must:<\/p>\n<ul>\n<li>Treat their source code as though it is already open source<\/li>\n<li>Ensure that their environments are frequently monitored and scanned for intrusion<\/li>\n<li>Encrypt and protect their most critical data (and their data backups) through <a href=\"https:\/\/www.esecurityplanet.com\/products\/zero-trust-security-solutions\/\">zero-trust policies<\/a><\/li>\n<li>Assume that their data and their systems <em>will<\/em> be breached<\/li>\n<\/ul>\n<p>Cybercriminals are not only becoming more advanced; the resources that enable them to commit high-profile crimes are becoming more readily accessible. Hacker groups such as LAPSUS$ can easily coordinate through Telegram and receive blackmail payoffs through cryptocurrency \u2014 with minimal threat to themselves. Further, the proliferation of work-from-home infrastructure and easy access SaaS solutions creates networks with increasingly exposed attack surfaces. For most organizations, it isn&#8217;t a question of whether they will experience a data breach, but when they will experience a data breach.<\/p>\n<p>Read next: <a href=\"https:\/\/www.esecurityplanet.com\/products\/best-network-monitoring-tools\/\">Best Network Monitoring Tools<\/a><\/p>\n\n\n<div id=\"ta-campaign-widget-66d6f583c3405-popup-wrapper\" class=\"ta-campaign-widget__popup-wrapper\">\n    \n<div\n    style=\"\n        --ta-campaign-plugin-primary: #3545ed;\n        --ta-campaign-plugin-button-text: #fff;\n        --ta-campaign-plugin-button-hover-background: #3231b4;\n        --ta-campaign-plugin-button-hover-text: #fff;\n        --ta-campaign-plugin-button-toggle-background: #3231b4;\n        --ta-campaign-plugin-button-toggle-text: #3231B4;\n    \"\n    data-ajax-url=\"https:\/\/www.esecurityplanet.com\/wp\/wp-admin\/admin-ajax.php\">\n    <div\n        id=\"ta-campaign-widget-66d6f583c3405\"\n        class=\"ta-campaign-widget ta-campaign-widget--popup\"\n        data-campaign-fields='{\"properties\":{\"campaign_type\":\"popup\",\"campaign_category\":false,\"sailthru_list\":[\"cybersecurity-insider\"],\"popup_type\":\"exit_intent\",\"appearance\":{\"colors\":{\"primary_color\":\"#3545ed\",\"button\":{\"button_text_color\":\"#fff\",\"hover\":{\"button_hover_background_color\":\"#3231b4\",\"button_hover_text_color\":\"#fff\"},\"toggle\":{\"button_toggle_background_color\":\"#3231b4\",\"button_toggle_text_color\":\"#3231B4\"}}},\"custom_scss\":\"\"},\"behavior\":{\"opt_in_enabled\":true},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}},\"identifier\":\"66d6f583c3405\",\"campaign_id\":26045,\"campaign_type\":\"popup\",\"popup_type\":\"exit_intent\",\"newsletters\":[\"cybersecurity-insider\"],\"behavior\":{\"opt_in_enabled\":true},\"appearance\":{\"colors\":{\"primary\":\"#3545ed\",\"button\":{\"text\":\"#fff\",\"hover\":{\"background\":\"#3231b4\",\"text\":\"#fff\"},\"toggle\":{\"background\":\"#3231b4\",\"text\":\"#3231B4\"}}},\"custom_css\":\"\"},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}}'>\n\n                <div class=\"ta-campaign-widget__exit\">\n            <svg class=\"w-8\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.5\" viewBox=\"0 0 24 24\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" aria-hidden=\"true\">\n                <path stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M6 18L18 6M6 6l12 12\"><\/path>\n            <\/svg>\n        <\/div>\n        \n        <div class=\"ta-campaign-widget__wrapper\">\n            <div class=\"ta-campaign-widget__header mb-6\">\n                                <h3 class=\"ta-campaign-widget__tagline\">\n                    Get the Free Cybersecurity Newsletter                <\/h3>\n                \n                \n                                <p class=\"ta-campaign-widget__content mt-6\">\n                    Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday                <\/p>\n                            <\/div>\n\n            <form class=\"ta-campaign-widget__form\">\n                <div class=\"ta-campaign-widget__input mb-4\"  data-field=\"email\">\n                    <label\n                        class=\"sr-only\"\n                        for=\"email-66d6f583c3405\">\n                        Email Address\n                    <\/label>\n                    <input\n                        class=\"ta-campaign-widget__input__text\"\n                        placeholder=\"Work Email Address\"\n                        id=\"email-66d6f583c3405\"\n                        name=\"email\"\n                        type=\"email\">\n                <\/div>\n\n                                <div class=\"ta-campaign-widget__checkbox mb-4\" data-field=\"opt_in\">\n                    <div class=\"flex items-start\">\n                        <input\n                            id=\"opt-in-66d6f583c3405\"\n                            class=\"ta-campaign-widget__checkbox__input mr-2\"\n                            name=\"opt-in\"\n                            type=\"checkbox\"\/>\n                        <label\n                            class=\"ta-campaign-widget__checkbox__label\"\n                            for=\"opt-in-66d6f583c3405\">\n                            By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.                        <\/label>\n                    <\/div>\n                <\/div>\n                \n                <button class=\"ta-campaign-widget__button\" type=\"submit\" >\n                    Subscribe                <\/button>\n            <\/form>\n        <\/div>\n    <\/div>\n<\/div>\n\n<style>\n<\/style><\/div>\n","protected":false},"excerpt":{"rendered":"<p>The LAPSUS$ threat group has had an attention-grabbing month, snaring high-profile victims like Microsoft, Okta, NVIDIA, Samsung and others. On March 22, Microsoft confirmed a substantial breach by the LAPSUS$ hacking group. In a blog post detailing its efforts to track and contain the breach, Microsoft described LAPSUS$ as a &#8220;large scale social engineering and [&hellip;]<\/p>\n","protected":false},"author":282,"featured_media":21414,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[15],"tags":[],"b2b_audience":[33],"b2b_industry":[],"b2b_product":[403,31789],"class_list":["post-21410","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threats","b2b_audience-awareness-and-consideration","b2b_product-cyber-terrorists-and-cyber-crime","b2b_product-phishing-and-spear-phishing"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>LAPSUS$ Cyber Crime Spree Nabs Microsoft, Okta, NVIDIA, Samsung | eSecurity Planet<\/title>\n<meta name=\"description\" content=\"The LAPSUS$ threat group has been on an eye-popping cyber crime spree. Here are some defensive steps for Okta users and others.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"LAPSUS$ Cyber Crime Spree Nabs Microsoft, Okta, NVIDIA, Samsung | eSecurity Planet\" \/>\n<meta property=\"og:description\" content=\"The LAPSUS$ threat group has been on an eye-popping cyber crime spree. Here are some defensive steps for Okta users and others.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2022-03-24T18:13:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-03-29T23:39:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/03\/lapsus.png\" \/>\n\t<meta property=\"og:image:width\" content=\"847\" \/>\n\t<meta property=\"og:image:height\" content=\"749\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Jenna Inouye\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jenna Inouye\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/\"},\"author\":{\"name\":\"Jenna Inouye\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/3e587fc16bf8bd7d57b2f2783f89f321\"},\"headline\":\"LAPSUS$ Cyber Crime Spree Nabs Microsoft, Okta, NVIDIA, Samsung\",\"datePublished\":\"2022-03-24T18:13:34+00:00\",\"dateModified\":\"2022-03-29T23:39:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/\"},\"wordCount\":1187,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/03\/lapsus.png\",\"articleSection\":[\"Threats\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/\",\"name\":\"LAPSUS$ Cyber Crime Spree Nabs Microsoft, Okta, NVIDIA, Samsung | eSecurity Planet\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/03\/lapsus.png\",\"datePublished\":\"2022-03-24T18:13:34+00:00\",\"dateModified\":\"2022-03-29T23:39:45+00:00\",\"description\":\"The LAPSUS$ threat group has been on an eye-popping cyber crime spree. Here are some defensive steps for Okta users and others.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/03\/lapsus.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/03\/lapsus.png\",\"width\":847,\"height\":749,\"caption\":\"LAPSUS$ recruitment ad via Microsoft\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"LAPSUS$ Cyber Crime Spree Nabs Microsoft, Okta, NVIDIA, Samsung\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/3e587fc16bf8bd7d57b2f2783f89f321\",\"name\":\"Jenna Inouye\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/03\/Profile-Pic-Jenna-1-150x150.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/03\/Profile-Pic-Jenna-1-150x150.jpg\",\"caption\":\"Jenna Inouye\"},\"description\":\"Full-stack developer and technology writer with bylines in Hackr.io, Udemy, and SVG. Technology writer at First Page Sage, a leading SEO firm.\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/jinouye\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"LAPSUS$ Cyber Crime Spree Nabs Microsoft, Okta, NVIDIA, Samsung | eSecurity Planet","description":"The LAPSUS$ threat group has been on an eye-popping cyber crime spree. Here are some defensive steps for Okta users and others.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/","og_locale":"en_US","og_type":"article","og_title":"LAPSUS$ Cyber Crime Spree Nabs Microsoft, Okta, NVIDIA, Samsung | eSecurity Planet","og_description":"The LAPSUS$ threat group has been on an eye-popping cyber crime spree. Here are some defensive steps for Okta users and others.","og_url":"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/","og_site_name":"eSecurity Planet","article_published_time":"2022-03-24T18:13:34+00:00","article_modified_time":"2022-03-29T23:39:45+00:00","og_image":[{"width":847,"height":749,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/03\/lapsus.png","type":"image\/png"}],"author":"Jenna Inouye","twitter_card":"summary_large_image","twitter_creator":"@eSecurityPlanet","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Jenna Inouye","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/"},"author":{"name":"Jenna Inouye","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/3e587fc16bf8bd7d57b2f2783f89f321"},"headline":"LAPSUS$ Cyber Crime Spree Nabs Microsoft, Okta, NVIDIA, Samsung","datePublished":"2022-03-24T18:13:34+00:00","dateModified":"2022-03-29T23:39:45+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/"},"wordCount":1187,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/03\/lapsus.png","articleSection":["Threats"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/","url":"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/","name":"LAPSUS$ Cyber Crime Spree Nabs Microsoft, Okta, NVIDIA, Samsung | eSecurity Planet","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/#primaryimage"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/03\/lapsus.png","datePublished":"2022-03-24T18:13:34+00:00","dateModified":"2022-03-29T23:39:45+00:00","description":"The LAPSUS$ threat group has been on an eye-popping cyber crime spree. Here are some defensive steps for Okta users and others.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/#primaryimage","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/03\/lapsus.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/03\/lapsus.png","width":847,"height":749,"caption":"LAPSUS$ recruitment ad via Microsoft"},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"LAPSUS$ Cyber Crime Spree Nabs Microsoft, Okta, NVIDIA, Samsung"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for how to keep your business secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/3e587fc16bf8bd7d57b2f2783f89f321","name":"Jenna Inouye","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/03\/Profile-Pic-Jenna-1-150x150.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/03\/Profile-Pic-Jenna-1-150x150.jpg","caption":"Jenna Inouye"},"description":"Full-stack developer and technology writer with bylines in Hackr.io, Udemy, and SVG. Technology writer at First Page Sage, a leading SEO firm.","url":"https:\/\/www.esecurityplanet.com\/author\/jinouye\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/21410"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/282"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=21410"}],"version-history":[{"count":0,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/21410\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media\/21414"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=21410"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=21410"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=21410"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=21410"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=21410"},{"taxonomy":"b2b_product","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=21410"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}