The hacking group Lapsus$, known for its claims to have hacked Nvidia, Samsung and others, this week claimed it had also hacked Microsoft. The group released a file it said contains partial source code for Bing and Cortana, in an archive of nearly 37GB of data.
On Tuesday evening, after investigating, Microsoft confirmed that the group, which it tracks as DEV-0537, compromised “a single account” and stole pieces of source code for some of its products. A blog post on its security page says Microsoft investigators tracked the Lapsus$ group for weeks, and it describes some of the methods the group used to compromise victims’ systems. According to the Microsoft Threat Intelligence Center (MSTIC), “DEV-0537 actors aim to gain elevated access through stolen credentials, allowing for data theft and destructive attacks against a targeted organization, often leading to extortion. Tactics and targets suggest this is a cybercriminal actor motivated by theft and destruction.”
Microsoft claims that the leaked code is not severe enough to cause an increase in risk and that its response teams shut down the hackers midway through.
Lapsus$ has been on a tear lately, if its claims are to be believed. The group says it has access to data from Okta, Samsung and Ubisoft, as well as Nvidia and now Microsoft. While companies like Samsung and Nvidia have admitted their data was stolen, Okta contested the group’s claim that it had access to its authentication service, stating that “the Okta service has not been breached and remains fully operational.”
This week, the actor publicly claimed it had hacked into Microsoft and exfiltrated parts of the source code. No customer code or data was involved in the observed activities. Our investigation revealed that a single account was compromised, granting limited access. Our cybersecurity response teams acted quickly to repair the compromised account and prevent further activity.
Microsoft does not rely on code secrecy as a security measure, and viewing the source code does not increase risk. The tactics used by DEV-0537 in this attack mirror the tactics and techniques discussed in this blog. Our team was already investigating the compromised account based on threat intelligence when the actor publicly announced its intrusion. This public disclosure escalated our action and allowed our team to intervene and disrupt the actor during the operation, limiting the broader impact.
This isn’t the first time Microsoft has acknowledged attackers accessing its source code: it said the same after the SolarWinds attack. Lapsus$ also claims it obtained only about 45 percent of the code for Bing and Cortana and about 90 percent of the code for Bing Maps. The latter appears to be a less valuable target than the other two, although Microsoft was concerned that its source code could expose vulnerabilities.
In its blog post, Microsoft outlines a number of steps other companies can take to improve their security, including requiring multi-factor authentication, abandoning “weak” multi-factor authentication methods such as text messaging or secondary email, educating team members about the potential for social engineering attacks, and creating response processes for possible Lapsus$ attacks. Microsoft also says it will continue to track Lapsus$ and keep tabs on any attacks on Microsoft customers.
Source: “Microsoft confirms Lapsus$ hackers stole source code via ‘restricted’ access”, https://www.theverge.com/2022/3/22/22991409/lapsus-microsoft-security-windows-source-code