Contact Us Today 01642 716680

Microsoft and Okta Targeted by LAPSUS$

LAPSUS$'s next high profile victims are Microsoft and Okta. Sencode investigates...

LAPSUS$ Hackers Claim to Have Breached Microsoft and Authentication Firm  Okta

Microsoft and Okta, a provider of authentication services, said they are looking into claims of a possible breach made by LAPSUS$.


The gang posted a screenshot to their Telegram channel early Sunday morning. They were indicating that they had hacked Microsoft‘s Azure DevOps server. This contained source code for Bing, Cortana, and other internal projects.

The Claim

El Chapuzas Informatico points out that the group admits it only got 90 percent of the code for Bing Maps, while it got around 45 percent of the code for Cortana and Bing itself. This comes after claims to have stolen the source code for not only the Bing browser, but also its mapping system and the Cortana assistant in the Microsoft attacks. Regardless, torrents for both have been made available online and are reported to look authentic.


Images with the terms “Bing UX,” “Bing-Source,” and “Cortana” indicate that the source code for Microsoft’s search engine was accessed. Other sections for “mscomdev,” “microsoft,” and “msblox” may indicate that the group has gained access to additional code repositories.

Credit: Tom Malka

Microsoft responded to the breach by saying that they know about the claims and are looking into the possibility of an internal breach. However, LAPSUS$ has not made any demands of the company as of this writing.

Allegedly, an administrator of LAPSUS$’s Telegram channel deleted the images that allegedly reveal sensitive Microsoft assets. They posted, “Deleted for now, will repost later.”

A Different Approach

LAPSUS$ are unlike previous ransomware groups that take data from victims and subsequently encrypt it in exchange for a payment. The new threat entrant focuses on data theft and uses it to blackmail the targets.

The cybercrime gang has claimed a long list of high-profile victims since it went active in late December 2021. These include Impresa, NVIDIA, Samsung, Mercado Libre, Vodafone, and, most recently, Ubisoft.


According to the claims of the breach, this could affect anyone who uses Windows 11 on a PC or laptop. However, the infamous hacking group’s intentions are unclear. A Microsoft update will most likely inform consumers of the next steps.

If you have any concerns about your security or need advice about how to protect yourself, contact us.