Microsoft confirms that $lapsus has hacked their systems
Microsoft said hacker group $ Lapsus was granted limited access to its systems after it claimed to have obtained the source code for the Bing search engine and Cortana voice assistant.
The group released a file purporting to contain fragments of Bing and Cortana source code containing around 37GB of data.
The software giant has been monitoring the activities of $Lapsus for several weeks, which it describes as a massive blackmail campaign and social engineering.
The company provided details about its $lapsus attack strategy in a blog post. “DEV-0537 actors aim to gain access to stolen data to enable data theft and destructive attacks on target organizations, often resulting in extortion,” she said. Tactics and objectives indicate that we are dealing with a cybercriminal motivated by theft and vandalism.
$Lapsus has already breached Nvidia and Samsung’s cybersecurity defenses. The group also claims to own the franchise of Okta System, a San Francisco-based company that provides user authentication services to thousands of enterprise customers.
Okta denied the group’s allegations about accessing the authentication service, saying that its service had not been hacked and remained up and running.
“Our investigation identified a compromised account that was granted limited access,” Microsoft said. Our cybersecurity response team was quickly involved in fixing the hacked account and preventing any new activity. Microsoft does not rely on code confidentiality as a security measure. Do not increase the risk.
Microsoft has been following the group for weeks
Dubbed the DEV-0537 by Microsoft’s cybersecurity researchers, the hacker group is expanding the geographic reach of its targets and targeting government organizations, as well as the technology, communications, and healthcare sectors. Microsoft said it hacked cryptocurrency accounts.
Lapsus claims via social media that it hacked several major tech companies in addition to Microsoft.
His Telegram channel was the first to announce the Microsoft and Okta hack this week. He also noted that there had been violations of LG employees’ accounts.
The software giant said: “Unlike most campaign groups that attempt to divert attention, DEV-0537 does not appear to be masking the problem. The group announced an attack on social media. It also announced its intention to purchase data from employees of the target organization.”