Lapsus$ suspects arrested for Microsoft, Nvidia, Okta hacks
As Lapsus$ data extortion gang announced that several of its members are taking a vacation, the City of London Police say they have arrested seven individuals connected to the gang. [...]
Coverage of incidents reportedly linked to LAPSUS$, with analysis of infrastructure and disruption, security impact, and defensive guidance.
Search across headline titles and summaries.
Background for this topic.
LAPSUS$ is a name used in public reporting for an intrusion set associated with several high-profile compromises, particularly during 2021–2022. Investigations and victim disclosures linked the activity to social engineering, stolen credentials, account takeover—including reported abuse of help-desk or telecom recovery processes—and theft or attempted extortion of data and source code. Attribution, membership, and the relationship between individual incidents remain subject to change, so reports should be assessed for the evidence supporting each linkage.
Its security significance is the demonstrated exposure of identity and support workflows rather than reliance on a single malware family. Defenders should prioritize phishing-resistant multifactor authentication for privileged users, tightly control password resets and number-porting requests, limit administrator access, and monitor unusual identity-provider, cloud, and repository activity. After a suspected compromise, revoke sessions and tokens, rotate credentials and exposed secrets, preserve authentication and support-desk logs, and determine what data or code was accessed. These steps also help distinguish confirmed intrusion facts from claims made during extortion or incomplete early reporting.
As Lapsus$ data extortion gang announced that several of its members are taking a vacation, the City of London Police say they have arrested seven individuals connected to the gang. [...]
Microsoft has confirmed that one of their employees was compromised by the Lapsus$ hacking group, allowing the threat actors to access and steal portions of their source code. [...]
Okta, a major provider of access management systems, says that 2.5%, or approximately 375 customers, were impacted by a cyberattack claimed by the Lapsus$ data extortion group. [...]
Okta, a major provider of access management systems, has completed its investigation into a breach incident claimed by the Lapsus$ data extortion group. [...]
Okta, a leading provider of authentication services and Identity and access management (IAM) solutions says it is investigating claims of data breach. [...]
The Lapsus$ hacking group claims to have leaked the source code for Bing, Cortana, and other projects stolen from Microsoft's internal Azure DevOps server. [...]
Microsoft says they are investigating claims that the Lapsus$ data extortion hacking group breached their internal Azure DevOps source code repositories and stolen data. [...]