Microsoft Confirms Lapsus$ Hacking Group Stole Some of Its Source Codes

Microsoft rewards $30,000 to Indian cybersecurity analyst

Earlier this month, we saw Samsung confirm that data extortion group Lapsus$ has stolen the source code for its Galaxy smartphones. Now, the same cyber-hacking group has stolen the source codes of Microsoft’s Cortana and Bing from its internal servers. They claim to have gained access to partial source codes of these platforms, which includes 37GB worth of data. Let’s take a look at the details.

Data Extortion Group Steals Microsoft’s Source Codes

Microsoft recently published an official blog post on its security forum to confirm the stealing of its source codes. The tech giant says that it has been tracking the activities of the Lapsus$ group, which claims to have stolen sensitive data from other companies like Nvidia and Ubisoft as well.

In the blog post, Microsoft said it identifies the group as “DEV-0537” and the fact that it stole parts of source code for some of its products and services, including Bing and Cortana.

The Microsoft Threat Intelligence Center (MTIC) says that the primary objective of the group “is to gain elevated access through stolen credentials that enable data theft and destructive attacks against a targeted organization, often resulting in extortion.” The team also highlighted some of the methods used by Lapsus$ to gain access to target systems.

While this is of utmost concern both for the users and the company, Microsoft has confirmed that the stolen data will not pose a threat to either of them. It also mentioned that its response team shut down the data extortion process mid-way. Hence, the hackers could not gain the entire source code for its products. Lapsus$ says that it was able to gain 45% of the Bing codes and around 90% of the Bing Maps codes.

Going forward, Microsoft said that it will continue to monitor the activities of Lapsus$ via the threat intelligence team. The company also highlighted many security systems such as strong multifactor authentication methods that other companies could implement to keep their data safe from such extortion groups. Moreover, it suggests other vulnerable companies educate their employees about social engineering attacks and create dedicated processes to handle such attacks.

You can check out the Microsoft blog post for more details and do tell us what you have to say about this hack in the comments below.

VIA The Verge
comment Comments 0
Leave a Reply