Last Updated: Mar 26, 2022

Lapsus$, a hacker group claiming to have hacked Samsung, Nvidia, and other companies, this week hacker group claimed it has also attacked Microsoft data. In an archive including roughly 37GB of information, the group asserted to have found a file having partial source code for Cortana and Bing.

Microsoft security analysts have been investigating the Lapsus$ group over a few weeks, according to a blog post on its security site, and reveal some of the ways they have used to corrupt victims’ systems. After an investigation, Microsoft announced that the gang known as DEV-0537 had hacked “a single account” and stolen pieces of source code used in some of its products on Tuesday evening.

According to MSTIC (Microsoft Threat Intelligence Center), “The goal of DEV-0537 actors is to achieve escalated access with stolen credentials,” which can facilitate the theft of data and destructive attacks on the targeted entity, typically which result in the extortion of funds. The goals and tactics of the Lapsus$ group indicate that it is a cybercriminal actor driven by destruction and theft.”

According to the blog post on the Microsoft security site, the hacker group, which Microsoft’s cybersecurity researchers have given the codename DEV-0537, has been increasing its geographic scope and targeting government institutions, telecom, technology, and health-care industries. According to Microsoft Company, the hacker group is also known for stealing cryptocurrency accounts.

“Microsoft Does Not Rely On Code Secrecy, As A Security Measure.”

Microsoft insists that the code leak is not severe enough to warrant the increased risk. Microsoft Company claims that the response teams have shut down the hackers in mid-operation. Lapsus$ is on a roll lately if the claims of its members are to be taken seriously.

According to the hacker group, it has data from Ubisoft, Okta, Nvidia, Samsung, and now Microsoft. Few companies such as Nvidia and Samsung have confessed that their information has been stolen. Okta has denied the claims of the hacker group that it has access to their authentication service, claiming that “the Okta service has not been compromised and remains functional.”

It is not the first time that Microsoft has claimed it believes that attackers can have access to its source code. It said the same thing in the aftermath of the Solarwinds attack. Lapsus$ group also claims that it got only around 45% of source code that runs Cortana and Bing, and nearly 90% of code used for Bing Maps. It would be an unimportant target compared to the two other ones, even if Microsoft were concerned about its source code being exposed as weaknesses.

In the blog post on the Microsoft security site, Microsoft provides a variety of steps other companies can adopt to enhance their security. It includes requiring multifactor authentication method not using “weak” techniques for multifactor authentication such as secondary email or text messages, educating staff members on the possibility of cyber-attacks using social engineering attacks, and developing strategies for responding to Lapsus$ attacks. Microsoft further states that it will be monitoring Lapsus$ and will keep in watch all types of attacks it may carry out on Microsoft customers.