Lapsus$, a hacking group that has breached large companies such as Nvidia and Samsung, has confirmed that it is behind the cyberattack on Microsoft. According to the group, the 37 GB archive it has published contains part of the source code of Bing and Cortana.

The company itself found in an investigation that the hackers compromised “a single account” and used it to obtain partial source code for some of its services. In its post, Microsoft refers to the group as DEV-0537 and says it had been studying it for several weeks.

“The goal of the DEV-0537 actors is to gain elevated access through stolen credentials that enable data usage and destructive attacks against a target organization, often resulting in extortion,” explained the Microsoft Threat Intelligence Center, which manages the company’s cybersecurity. “The tactics and objectives indicated that it is a cybercriminal actor motivated by theft and destruction.”

Prior to Lapsus$’ confession to the attack, Microsoft had reported that “no client code or data was involved in the observed activities”. The company also pointed to the effectiveness of its IT security response teams, which acted “quickly” to prevent further accounts from being compromised.

According to their investigation, “a single account was compromised, granting limited access”. When Lapsus$ confirmed its attack, the Microsoft Threat Intelligence Center was analyzing the compromised account.

Specifically, the hackers reported that they obtained approximately 45% of the Bing and Cortana code and about 90% of the Bing Maps code. In response to this attack, the company has recommended that other companies improve their security and educate their workers to act against possible hacks.

Microsoft has not been the only company affected by a cyberattack by Lapsus$. As confirmed by the group, they have also had access to information from Okta, Samsung, Ubisoft and Nvidia. However, Okta denied such claims at the time: “The Okta service has not been broken and remains fully operational.”
