Lapsus$, a hacker gang that claims to have hacked Nvidia, Samsung, and other companies, said this week that it has also attacked Microsoft. In an archive containing roughly 37GB of data, the group claimed to have found a file containing partial source code for Bing and Cortana.
After an investigation, Microsoft revealed on Tuesday evening that the gang, which it refers to as DEV-0537, had compromised “a single account” and stolen pieces of source code for some of its products. According to a blog post on its security site, Microsoft investigators have been tracking the Lapsus$ gang for weeks. The post also describes some of the methods the group has used to compromise victims’ systems.
“The goal of DEV-0537 attackers is to achieve elevated access through stolen credentials that allow data theft and damaging assaults against a targeted company, typically culminating in extortion,” according to the Microsoft Threat Intelligence Center (MSTIC). Its tactics and aims indicate a cybercriminal actor driven by theft and damage.
Microsoft claims that the disclosed code isn’t serious enough to put users at risk, and that its response teams were able to stop the hackers in the middle of their attack.
If its boasts are to be believed, Lapsus$ has been on a tear recently. According to the group, it has data from Okta, Samsung, and Ubisoft, as well as Nvidia and Microsoft. While firms such as Samsung and Nvidia have confirmed that their data was taken, Okta has denied that the group has access to its authentication service, asserting that “the Okta service has not been compromised and remains fully functioning.”
This isn’t the first time Microsoft has stated that it expects attackers to have access to its source code; it did so following the SolarWinds attack. According to Lapsus$, it obtained only around 45 percent of the code for Bing and Cortana, and about 90 percent for Bing Maps. Even if Microsoft was concerned about its source code disclosing flaws, the latter appears to be a less lucrative target than the other two.
In its blog post, Microsoft outlines a number of steps that other organizations can take to improve their security, including requiring multifactor authentication, not using “weak” multifactor authentication methods like text messages or secondary email, educating team members about the potential for social engineering attacks, and developing processes for responding to potential Lapsus$ attacks. Microsoft also stated that it will continue to monitor Lapsus$ and any attacks it may carry out against Microsoft customers.