Microsoft Confirms Lapsus$ Hacker Group Gained “Limited Access” to Its Source Code
Microsoft has confirmed that the hacking group Lapsus$ managed to gain “limited access” to its security system and steal some parts of their source code. The company says that its security researchers had already been tracking the activities of Lapsus$, which claims to have hacked sensitive data from Samsung, Nvidia, Ubisoft, and Okta.
The Redmond giant detailed in a blog post that the Lapsus$ group compromised an employee account with limited access, but its security teams interrupted the hacking effort mid-way. The company emphasized the leaked source code doesn’t increase the security risks, and the hackers were unable to access customer data or sensitive information.
“This week, the actor made public claims that they had gained access to Microsoft and exfiltrated portions of source code. No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity,” the company explained yesterday.
Microsoft highlighted that Lapsus$ has gradually expanded its geographical range to target government and enterprise customers worldwide. Interestingly, the hacking group typically uses different techniques to breach the multi-factor authentication (MFA) systems of the targetted organization. Some popular tactics include SIM-swapping, phone-based social engineering, paying employees to access credentials, purchasing session tokens from public forums, and more.
Microsoft provides recommendations to prevent cyber attacks by the Lapsus$ hacker group
Microsoft has outlined several steps that should help IT Admins protect their organizations. The company recommends that its customers should improve their security practices by implementing secure Multifactor Authentication mechanisms, using trusted endpoints, and leveraging modern VPN authentication techniques. In addition, Microsoft urges companies to follow operational security practices and educate their employees about social engineering attacks.
It is important to note that the hacker group claimed to have access to 37GB of internal source code for Bing and Cortana. However, Microsoft didn’t provide details about the potential source code exfiltration. Microsoft has previously highlighted as a part of the Solarigate investigation that access to source code isn’t an elevation of security risk, and the threat actors still need permissions to modify engineering systems. The firm emphasized that its policy is based on the assumption that the source code is already compromised due to a security breach.
Microsoft says that its cybersecurity response team is still investigating the most recent attacks from Lapsus$, and the company plans to provide additional insights and recommendations soon.
More in Security
CISA Warns Unpatched VMware Servers Remain Vulnerable to Log4Shell
Jun 24, 2022 | Rabia Noureen
QNAP Releases Patch to Fix PHP Security Flaw Affecting Select NAS Devices
Jun 23, 2022 | Rabia Noureen
Microsoft Unveils New Edge Secured-Core IoT Devices to Block Firmware Attacks
Jun 22, 2022 | Rabia Noureen
QNAP Warns NAS Users About New DeadBolt Ransomware Campaign
Jun 20, 2022 | Rabia Noureen
Microsoft Defender for Individuals is Now Available on Desktop and Mobile
Jun 16, 2022 | Rabia Noureen
Microsoft Acquires Foreign Cyber Threat Analysis Company Miburo
Jun 15, 2022 | Rabia Noureen
Most popular on petri