LAPSUS$ has become a real nightmare for the biggest tech companies. A few weeks ago we saw how Nvidia suffered a theft of information at the hands of the hacker group. Soon after, Mercado Libre and Samsung were also affected. Now the new victim is Microsoft. The Redmond company confirmed this after opening an investigation into the theft of confidential information.
The group claimed at the beginning of the week to have obtained a total of 37 GB of data from Microsoft. Among it, it seems, is source code for Cortana and Bing, which was partially stolen by the hackers.
After completing the relevant investigations, Microsoft confirmed on Tuesday that the data theft was real. The company called the event a “cybercriminal-motivated theft and destruction” tactic, as mentioned on its official blog. It also says that the attackers, which it calls DEV-0537, stole the information using “a single account”.
The goal of DEV-0537 is to gain elevated access through stolen credentials that enable data theft and destructive attacks against a targeted organization, often ending in extortion. Its tactics and goals indicate that it is a cybercriminal actor motivated by theft and destruction.
Microsoft Threat Intelligence Center
Microsoft acted in time
According to the company's statement, Microsoft’s response team stopped the theft of information halfway through the operation. The company also says that the leaked code does not pose a serious threat, so there is no reason to expect an increase in risk within the company.
Unlike most groups, which stay under the radar, DEV-0537 doesn’t seem to be hiding its tracks. It goes as far as announcing its attacks on social networks or advertising its intention to buy IDs from employees of targeted organizations.
BleepingComputer recently confirmed that the hacker group posted a 37 GB torrent on the internet. The file contains up to 250 Microsoft projects. According to LAPSUS$, the leak includes 90% of the Bing code, while Cortana and Bing Maps stand at 45%. The stolen information also covers the company’s cloud-based infrastructure, websites and applications.
Microsoft offers advice to other companies
For its part, Microsoft lists some measures that other organizations can implement to keep their security intact. Among them is multi-factor authentication, but without resorting to weak security processes, such as secondary SMS and emails. These companies must also take it upon themselves to educate their team members about social engineering attacks and create processes for responding to possible LAPSUS$ actions.
LAPSUS$ claims to have accessed data from companies such as Samsung, Mercado Libre, Ubisoft, Nvidia, Microsoft and Okta. However, the latter recently denied this claim, commenting that “the Okta service has not been breached and remains fully operational.”
Fortunately, it seems that Microsoft customer data was not compromised during the LAPSUS$ attack. The company confirms this in its official statements. As it says, this was thanks to the performance of its security team, who “reacted quickly” to repair the damage done and prevent the group from advancing.