Okta (and Microsoft) leak by Lapsus$ Group

March 22, 2022    Article    641 words    4 mins read

Another leak from the Lapsus$ Group, Microsoft source code and Okta screenshots from their administration panel, after being inside the Okta network since January 21, 2022. Keep in mind that no torrent files are hosted on this website.

Okta, Inc. is a publicly traded identity and access management company based in San Francisco. It provides cloud software that helps companies manage and secure user authentication into applications, and for developers to build identity controls into applications, website web services and devices. It was founded in 2009 and had its initial public offering in 2017, being valued at over $6 billion.

First message:

Leak of some Bing , Bing Maps and Cortana source code - Bing maps is 90% complete dump.
Bing and Cortana around 45%.

NOTE: IF THE TORRENT FAILS MAKE SURE TO ADD TRACKERS!!!
https://ngosang.github.io/trackerslist/trackers_best.txt

Enjoy everyone!

Second message:

Just some photos from our access to Okta.com Superuser/Admin and various other systems.

For a service that powers authentication systems to many of the largest corporations
(and FEDRAMP approved) I think these security measures are pretty poor.

(yes we know the URL has a email address. the account is suspended - we dont care)

BEFORE PEOPLE START ASKING: WE DID NOT ACCESS/STEAL ANY DATABASES FROM OKTA - our focus
was ONLY on okta customers.

😏

Magnet link:

magnet:?xt=urn:btih:bfcfbc5e631a309271c8773bd6781c1bd63b4387&xt=urn:btmh:1220bdc7f21dc6b685b49516a52b62ddfdee11e108a004107a79784b24428ddec205&dn=MS.7z&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337%2Fannounce&tr=udp%3A%2F%2Fopen.tracker.cl%3A1337%2Fannounce&tr=udp%3A%2F%2F9.rarbg.com%3A2810%2Fannounce&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A6969%2Fannounce&tr=http%3A%2F%2Ftracker.openbittorrent.com%3A80%2Fannounce&tr=udp%3A%2F%2Fwww.torrent.eu.org%3A451%2Fannounce&tr=udp%3A%2F%2Ftracker.torrent.eu.org%3A451%2Fannounce&tr=udp%3A%2F%2Fopen.stealth.si%3A80%2Fannounce&tr=udp%3A%2F%2Fexodus.desync.com%3A6969%2Fannounce&tr=udp%3A%2F%2Fipv4.tracker.harry.lu%3A80%2Fannounce&tr=http%3A%2F%2Ftracker4.itzmx.com%3A2710%2Fannounce&tr=udp%3A%2F%2Ftracker.dler.org%3A6969%2Fannounce&tr=udp%3A%2F%2Fexplodie.org%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.moeking.me%3A6969%2Fannounce&tr=https%3A%2F%2Ftr.torland.ga%3A443%2Fannounce&tr=http%3A%2F%2Fvps02.net.orel.ru%3A80%2Fannounce&tr=udp%3A%2F%2Fvibe.sleepyinternetfun.xyz%3A1738%2Fannounce&tr=udp%3A%2F%2Ftracker2.dler.org%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker1.bt.moack.co.kr%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.zerobytes.xyz%3A1337%2Fannounce

Original torrent file is here (use Tor browser), SHA256 of the file is 42e4d42f64e1e8ce257c151087cfbe795c858ec7d3cd0b402001be26456e94af, it’s a v2 torrent and won’t open in clients that don’t support v2 torrents, like Transmission.

Screenshots of the Okta administrative panel, from Lapsus$ Group: 1, 2, 3, 4, 5, 6, 7, 8.

MS.7z

As stated by Lapsus$, the archive contains Microsoft source code, various components including Bing, Bing Maps, Cortana, etc. Not sure if there is a connection with Okta, Microsoft should probably be using Azure and not a third-party SSO provider.

Size: 9,980,775,305 bytes, 39,865,646,838 bytes expanded.

Certificates:

find . -type f -name "*.cer"
./MS/MDP/private/src/Cloud/MapsDataPlatform/Gateway/Tools/DVTScheduler/Deployment/Controller/VectorStoreTest/DVTVMCertificates/MDPGW-DVT03_Certificate.cer
./MS/MDP/private/src/Cloud/MapsDataPlatform/Gateway/Tools/DVTScheduler/Deployment/Controller/VectorStoreTest/DVTVMCertificates/MDPGW-DVT04_Certificate.cer
./MS/MDP/private/src/Cloud/MapsDataPlatform/Gateway/Tools/DVTScheduler/Deployment/Controller/VectorStoreTest/DVTVMCertificates/MDPGW-DVT02_Certificate.cer
./MS/MDP/private/src/Cloud/MapsDataPlatform/Gateway/Tools/DVTScheduler/Deployment/Controller/VectorStoreTest/DVTVMCertificates/MDPGW-DVT01_Certificate.cer
./MS/Aria.Backend/Services/Skype.Data.Collector/Skype.Data.Collector/TokenCracking/cs.rpssample.pp.test.microsoft.com.cer
./MS/Aria.Backend/Services/Skype.Data.Collector/Skype.Data.Collector/TokenCracking/pipe.dev.trafficmanager.net.cer
./MS/Aria.Backend/Services/Skype.Data.Collector/Skype.Data.Collector/TokenCracking/RPS-DEK-Apr2018-Vortex-Sbx.cer
./MS/Aria.Backend/Services/Skype.Data.Collector/Skype.Data.Collector/TokenCracking/RPS-DEK-Apr2018-Vortex.cer
./MS/Aria.Backend/Services/Skype.Data.Collector/Skype.Data.Collector/TokenCracking/collector_rps_dek_selfsigned_prod.cer
./MS/Aria.Backend/Services/Skype.Data.Collector/Skype.Data.Collector/TokenCracking/RPS-CEK-Aug2018-OneCollector.cer
./MS/Platform/Secrets/CodeSign/CloudSignAadAccess.cer
./MS/CoXDataMining/Certificate/coxreporting.phx.gbl.cer
./MS/CoXDataMining (1)/Certificate/coxreporting.phx.gbl.cer
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/developer/dcherny/Windows Azure AD Access Control Service (ACS) 2.0 Code Samples/stuff/WebServices/Acs2UsernameBindingSample/Certificates/ACS2SigningCertificate.cer
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/developer/dcherny/Windows Azure AD Access Control Service (ACS) 2.0 Code Samples/stuff/WebServices/Acs2UsernameBindingSample/Certificates/WcfServiceCertificate.cer
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/developer/dcherny/Windows Azure AD Access Control Service (ACS) 2.0 Code Samples/stuff/WebServices/Acs2CertificateBindingSample/Certificates/ACS2SigningCertificate.cer
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/developer/dcherny/Windows Azure AD Access Control Service (ACS) 2.0 Code Samples/stuff/WebServices/Acs2CertificateBindingSample/Certificates/ACS2ClientCertificate.cer
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/developer/dcherny/Windows Azure AD Access Control Service (ACS) 2.0 Code Samples/stuff/WebServices/Acs2CertificateBindingSample/Certificates/WcfServiceCertificate.cer
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/developer/dcherny/Windows Azure AD Access Control Service (ACS) 2.0 Code Samples/stuff/WebServices/Acs2FederationSample/Certificates/ACS2DecryptionCert.cer
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/developer/dcherny/Windows Azure AD Access Control Service (ACS) 2.0 Code Samples/stuff/WebServices/Acs2FederationSample/Certificates/ACS2SigningCertificate.cer
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/developer/dcherny/Windows Azure AD Access Control Service (ACS) 2.0 Code Samples/stuff/WebServices/Acs2FederationSample/Certificates/WcfServiceCertificate.cer
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/developer/dcherny/Windows Azure AD Access Control Service (ACS) 2.0 Code Samples/stuff/OAuth2/Certificates/ACS2ClientCertificate.cer
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/developer/dcherny/Windows Azure AD Access Control Service (ACS) 2.0 Code Samples/stuff/Management/ManagementService/IdentityProvider/identitykey.cer
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/DataAccessor/ApplicationIdentityServiceUnitTest/Config/ValidCert.cer
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/DataAccessor/ApplicationIdentityServiceUnitTest/Config/ExpiredCert.cer
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/DataAccessor/ApplicationIdentityServiceUnitTest/Config/InvalidCert.cer
./MS/Spatial/ServiceFabric/Source/SpatialDataServiceFabric/Deployment/Environment/Certs/spatialservicefabric-int-westus.westus.cloudapp.azure.com.cer
./MS/Spatial/ServiceFabric/Source/SpatialDataServiceFabric/Deployment/Environment/Certs/ICM/spatialdataservice-fabric-emailconnector.cer
./MS/Spatial/ServiceFabric/Source/SpatialDataServiceFabric/Deployment/Environment/Certs/spatialservicefabric-prod-centralus.centralus.cloudapp.azure.com.cer
./MS/Spatial/ServiceFabric/Deployments/Environment/Certs/spatialservicefabric-int-westus.westus.cloudapp.azure.com.cer
./MS/Spatial/ServiceFabric/Deployments/Environment/Certs/ICM/spatialdataservice-fabric-emailconnector.cer
./MS/Spatial/ServiceFabric/Deployments/Environment/Certs/spatialservicefabric-prod-centralus.centralus.cloudapp.azure.com.cer
./MS/DevPortal/MapsDevPortal/Rps/Prod/certs/www.bingmapsportal.com.cer
./MS/DevPortal/MapsDevPortal/Rps/Int/certs/_.maps.live-int.com.cer

Keys:

find . -type f -name "*.key"
./MS/LegacyAppStreamingFreeRdp/server/Mac/server.key
./MS/LegacyAppStreamingFreeRdp/server/Sample/server.key
./MS/LegacyAppStreamingFreeRdp/server/Windows/server.key
./MS/IncrementalGridStore/Jobs/GenerateOutput/OutputJobAccounts/igsalerttoken.key

PKCS #12 files:

find . -type f -name "*.pfx"
./MS/NativeMapClient/src/Navigation/Projects/WinRT/NavHost/NavHost_TemporaryKey.pfx
./MS/NativeMapClient/src/Libraries/Projects/Windows/Tests_TemporaryKey.pfx
./MS/NativeMapClient/src/MapRendering/Projects/Xamarin/XamarinMapHost/XamarinMapHost.UWP/XamarinMapHost.UWP_TemporaryKey.pfx
./MS/NativeMapClient/src/MapRendering/Projects/WinRT/StressTestTool/StressTestTool_TemporaryKey.pfx
./MS/NativeMapClient/src/MapRendering/Projects/WinRT/Microsoft.Maps/Microsoft.Maps_TemporaryKey.pfx
./MS/NativeMapClient/src/MapRendering/Projects/WinRT/API spec/Samples/App9_TemporaryKey.pfx
./MS/NativeMapClient/src/MapRendering/Projects/WinRT/MapViewer/MapViewer_TemporaryKey.pfx
./MS/NativeMapClient/src/MapRendering/Projects/WinRT/MapHost/MapHost_TemporaryKey.pfx
./MS/NativeMapClient/src/MapRendering/Projects/WinRT/GuidanceComparisonApp/GuidanceComparisonApp_TemporaryKey.pfx
./MS/NativeMapClient/src/MapRendering/Projects/WinRT/MapDataTestApp/MapDataTestApp_TemporaryKey.pfx
./MS/NativeMapClient/src/MapRendering/Projects/WinRT/Tests/MapControlTestApp/MapControlTestApp_TemporaryKey.pfx
./MS/NativeMapClient/src/MapRendering/Projects/WinRT/MapHostHolographic/MapHostHolographic_TemporaryKey.pfx
./MS/NativeMapClient/src/MapRendering/Projects/WinRT/Microsoft.Maps.Host/MicrosoftMapsHost_TemporaryKey.pfx
./MS/NativeMapClient/src/MicrosoftGeospatialTiles/Projects/WinRT/MicrosoftGeospatialTilesTests/MicrosoftGeospatialTilesTests_TemporaryKey.pfx
./MS/NativeMapClient/src/Routing/Platforms/WinRT/Tools/RpgTool/RpgTool_TemporaryKey.pfx
./MS/NativeMapClient/src/Routing/Platforms/WinRT/Tools/RoutingGuidanceTest/RoutingGuidanceTest/RoutingGuidanceTest_TemporaryKey.pfx
./MS/NativeMapClient/src/Routing/Platforms/WinRT/Tools/RoutingGuidanceTest/RoutingGuidanceTest/RoutingGuidanceTest/RoutingGuidanceTest_TemporaryKey.pfx
./MS/NativeMapClient/src/Routing/Platforms/WinRT/UnitTests/Lib5/MSLib5RouteTests/MSLib5RouteTests_TemporaryKey.pfx
./MS/NativeMapClient/src/Routing/Platforms/WinRT/UnitTests/MSNMAATests/MSNMAATests_TemporaryKey.pfx
./MS/NativeMapClient/src/Routing/Platforms/WinRT/RouteEngine_UnitTests/RouteEngine_UnitTests_TemporaryKey.pfx
./MS/Relevance/private/src/Dev/MapSearchQuality/MapSearchPlayer-branch-LegacyWin80/WindowsStoreApp/WindowsStoreApp_TemporaryKey.pfx
./MS/Relevance/private/src/Dev/MapSearchQuality/MapSearchPlayer/WindowsStoreApp/WindowsStoreApp_TemporaryKey.pfx
./MS/CWBMM/src/CWBMM.Product/MapsDsatPipeline/DSATReportToVendorTool/DSATReportToVendorTool/DSATReportToVendorTool_TemporaryKey.pfx
./MS/CSI/src/Tools/CSILogVisualiser/CSILogVisualiser/CSILogVisualiser_TemporaryKey.pfx
./MS/CSI/src/Tools/CSIiOSLogViewer/CSIiOSLogViewer/CSIiOSLogViewer_TemporaryKey.pfx
./MS/dw-mobile/private/src/DealWatcher/DealWatcher/DealWatcher.UWP/Windows_TemporaryKey.pfx
./MS/dw-mobile/private/src/DealWatcher/DealWatcher/DealWatcher.Windows/Windows_TemporaryKey.pfx
./MS/STCIInferences/private/STCI-Inferences-Offline/Workflows/Secrets/x509CertSTCIInferences.pfx
./MS/NativeMaps-Client/src/Navigation/Projects/WinRT/NavHost/NavHost_TemporaryKey.pfx
./MS/NativeMaps-Client/src/Libraries/Projects/Windows/Tests_TemporaryKey.pfx
./MS/NativeMaps-Client/src/MapRendering/Projects/Xamarin/XamarinMapHost/XamarinMapHost.UWP/XamarinMapHost.UWP_TemporaryKey.pfx
./MS/NativeMaps-Client/src/MapRendering/Projects/WinRT/StressTestTool/StressTestTool_TemporaryKey.pfx
./MS/NativeMaps-Client/src/MapRendering/Projects/WinRT/Microsoft.Maps/Microsoft.Maps_TemporaryKey.pfx
./MS/NativeMaps-Client/src/MapRendering/Projects/WinRT/API spec/Samples/App9_TemporaryKey.pfx
./MS/NativeMaps-Client/src/MapRendering/Projects/WinRT/MapViewer/MapViewer_TemporaryKey.pfx
./MS/NativeMaps-Client/src/MapRendering/Projects/WinRT/MapHost/MapHost_TemporaryKey.pfx
./MS/NativeMaps-Client/src/MapRendering/Projects/WinRT/GuidanceComparisonApp/GuidanceComparisonApp_TemporaryKey.pfx
./MS/NativeMaps-Client/src/MapRendering/Projects/WinRT/MapDataTestApp/MapDataTestApp_TemporaryKey.pfx
./MS/NativeMaps-Client/src/MapRendering/Projects/WinRT/Tests/MapControlTestApp/MapControlTestApp_TemporaryKey.pfx
./MS/NativeMaps-Client/src/MapRendering/Projects/WinRT/MapHostHolographic/MapHostHolographic_TemporaryKey.pfx
./MS/NativeMaps-Client/src/MapRendering/Projects/WinRT/Microsoft.Maps.Host/MapHost_TemporaryKey.pfx
./MS/NativeMaps-Client/src/MicrosoftGeospatialTiles/Projects/WinRT/MicrosoftGeospatialTilesTests/MicrosoftGeospatialTilesTests_TemporaryKey.pfx
./MS/NativeMaps-Client/src/NavigationEngine/Projects/WinRT/Tools/RpgTool/RpgTool_TemporaryKey.pfx
./MS/NativeMaps-Client/src/NavigationEngine/Projects/WinRT/Tools/RoutingGuidanceTest/RoutingGuidanceTest/RoutingGuidanceTest_TemporaryKey.pfx
./MS/NativeMaps-Client/src/NavigationEngine/Projects/WinRT/Tools/RoutingGuidanceTest/RoutingGuidanceTest/RoutingGuidanceTest/RoutingGuidanceTest_TemporaryKey.pfx
./MS/VenueMapsData/VenueMapViewer.Universal/VenueMapViewer.Universal_TemporaryKey.pfx
./MS/CoXDataMining/Certificate/coxreporting.phx.gbl.pfx
./MS/MapStyleSheetEditor/src/MapStyleSheetEditor/MapStyleSheetEditor_TemporaryKey.pfx
./MS/HalseyExperienceServices/private/src/dev/halsey/tools/HnsDriverTool/HnsDriverTool/HnsDriverTool_TemporaryKey.pfx
./MS/CoXDataMining (1)/Certificate/coxreporting.phx.gbl.pfx
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/developer/dcherny/Windows Azure AD Access Control Service (ACS) 2.0 Code Samples/stuff/WebServices/Acs2UsernameBindingSample/Certificates/WcfServiceCertificate.pfx
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/developer/dcherny/Windows Azure AD Access Control Service (ACS) 2.0 Code Samples/stuff/WebServices/Acs2UsernameBindingSample/Certificates/ACS2SigningCertificate.pfx
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/developer/dcherny/Windows Azure AD Access Control Service (ACS) 2.0 Code Samples/stuff/WebServices/Acs2CertificateBindingSample/Certificates/WcfServiceCertificate.pfx
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/developer/dcherny/Windows Azure AD Access Control Service (ACS) 2.0 Code Samples/stuff/WebServices/Acs2CertificateBindingSample/Certificates/ACS2ClientCertificate.pfx
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/developer/dcherny/Windows Azure AD Access Control Service (ACS) 2.0 Code Samples/stuff/WebServices/Acs2CertificateBindingSample/Certificates/ACS2SigningCertificate.pfx
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/developer/dcherny/Windows Azure AD Access Control Service (ACS) 2.0 Code Samples/stuff/WebServices/Acs2FederationSample/Certificates/WcfServiceCertificate.pfx
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/developer/dcherny/Windows Azure AD Access Control Service (ACS) 2.0 Code Samples/stuff/WebServices/Acs2FederationSample/Certificates/ACS2SigningCertificate.pfx
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/developer/dcherny/Windows Azure AD Access Control Service (ACS) 2.0 Code Samples/stuff/WebServices/Acs2FederationSample/Certificates/ACS2DecryptionCert.pfx
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/developer/dcherny/Windows Azure AD Access Control Service (ACS) 2.0 Code Samples/stuff/OAuth2/Certificates/ACS2ClientCertificate.pfx
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/developer/dcherny/Windows Azure AD Access Control Service (ACS) 2.0 Code Samples/stuff/Management/ManagementService/SharedFiles/TenantSigningCert.pfx
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/developer/dcherny/Windows Azure AD Access Control Service (ACS) 2.0 Code Samples/stuff/Management/ManagementService/SharedFiles/SampleCert.pfx
./MS/Proactive/private/CASI_and_AIS/vNext_Branch/DataAccessor/ApplicationIdentityServiceUnitTest/Config/AISTestCertWithPrivateKey.pfx
./MS/Spatial/ServiceFabric/Source/SpatialDataServiceFabric/Deployment/Environment/Certs/spatialservicefabric-int-westus.westus.cloudapp.azure.com.pfx
./MS/Spatial/ServiceFabric/Source/SpatialDataServiceFabric/Deployment/Environment/Certs/spatialservicefabric-prod-centralus.centralus.cloudapp.azure.com.pfx
./MS/Spatial/ServiceFabric/Deployments/Environment/Certs/spatialservicefabric-int-westus.westus.cloudapp.azure.com.pfx
./MS/Spatial/ServiceFabric/Deployments/Environment/Certs/ICM/spatialdataservice-fabric-emailconnector.pfx
./MS/Spatial/ServiceFabric/Deployments/Environment/Certs/spatialservicefabric-prod-centralus.centralus.cloudapp.azure.com.pfx
./MS/Itinerary/src/Itinerary/Itinerary.UWP/Windows_TemporaryKey.pfx
./MS/Outings-MixedReality/src/OutingsViewer/OutingsViewer/OutingsViewer_TemporaryKey.pfx
./MS/Outings-MixedReality/src/BingMaps/Assets/Outings_TemporaryKey.pfx
./MS/GeospatialData/Native/Samples/LoadUap/LoadUap_TemporaryKey.pfx
./MS/NativeMaps-Tools/LabelingDiagnostics/JupiterMapHost/JupiterMapHost_TemporaryKey.pfx
./MS/NativeMaps-Tools/Performance/MapScenePerformanceApp/MapScenePerformanceApp_TemporaryKey.pfx
./MS/NativeMaps-Tools/Performance/Archive/MapControlPerfApp/MapControlPerfApp/MapControlPerfApp_TemporaryKey.pfx
./MS/NativeMaps-Tools/Performance/MemoryStressApp/MemoryStressApp_TemporaryKey.pfx
./MS/NativeMaps-Tools/Performance/Automation/PerformanceTestApp/PerformanceTestApp_TemporaryKey.pfx