The Group That Hacked Samsung And Nvidia Now Targets Microsoft

Microsoft confirmed the hack last night in a blog post, stating that it occurred following a compromise of one of its employees’ accounts by Lapsus$. The observed operations did not involve any customer code or data. A single account had been compromised, giving restricted access, according to our research.

The post reads, “Our cybersecurity rescue teams rapidly engaged to fix the hijacked account and prevent additional behavior.” The post goes on to discuss the group’s techniques as well as ways to defend against similar threat actors, so it’s worth reading if you’re trying to tighten up security.

Following an earlier claim from the hacker group Lapsus$, Microsoft has revealed that it was the victim of a cyber-attack and had partial source code for Bing and Cortana stolen.

Microsoft said in a statement that the group had hacked “a single account” and was “known for adopting a pure extortion and destruction methodology without delivering ransomware payloads.”

Reportedly, this is the latest in a long line of attacks claimed by Lapsus$. The gang claimed credit for cyberattacks on Nvidia earlier this month, as we reported. A week later, the group claimed responsibility for an attack on Samsung in which a large quantity of data was stolen, including algorithms for all biometric technology used by Samsung.

https://twitter.com/MalwareTechBlog/status/1506148594214002691

Microsoft released a lengthy statement explaining how the attack occurred and its recommendations for improved protection in the future. The company has highlighted what it believes are the motivations and purposes of Lapsus$ (which Microsoft refers to in the post as DEV-0537).

The company made suggestions to other businesses that may be targeted by the hacker gang, and included a screenshot from a WhatsApp discussion in which the group identifies a list of targets, including Apple, EA, and others. “One of the key avenues of defense against DEV-0537 is multifactor authentication (MFA). While this organization works to find MFA flaws, it remains a crucial component of identity security for workers, partners, and other persons.” Microsoft aims to update the blog post as further information regarding the incident emerges from its internal investigation.