Microsoft Confirms Lapsus$ Hacking Group Stole Some of Its Source Codes
Earlier this month, we saw Samsung confirm that data extortion group Lapsus$ hasstolen the source code for its Galaxy smartphones. Now, the same cyber-hacking group has stolen the source codes of Microsoft’s Cortana and Bing from its internal servers. They claim to have gained access to partial source codes of these platforms, which includes 37GB worth of data. Let’s take a look at the details.
Data Extortion Group Steals Microsoft’s Source Codes
Microsoft recently published an official blog post on its security forum to confirm the stealing of its source codes. The tech giant says thatit has been tracking the activities of the Lapsus$ group, which claims to have stolen sensitive data from other companies like Nvidia and Ubisoft as well.
In the blog post, Microsoft said it identifies the group as “DEV-0537” and the fact that it stole parts of source code for some of its products and services, including Bing and Cortana.
The Microsoft Threat Intelligence Center (MTIC) says that the primary objective of the group“is to gain elevated access through stolen credentials that enable data theft and destructive attacks against a targeted organization, often resulting in extortion.”The team alsohighlighted some of the methods used by Lapsus$ to gain access to target systems.
While this is of utmost concern both for the users and the company, Microsoft hasconfirmed that the stolen data will not pose a threat to either of them. It also mentioned that its response team shut down the data extortion process mid-way. Hence, the hackers could not gain the entire source code for its products. Lapsus$ says thatit was able to gain 45% of the Bing codes and around 90% of the Bing Mapscodes.
Going forward, Microsoft said that it will continue to monitor the activities of Lapsus$ via the threat intelligence team. The company also highlighted many security systems such as strong multifactor authentication methods that other companies could implement to keep their data safe from such extortion groups. Moreover, it suggests other vulnerable companies educate their employees about social engineering attacks and create dedicated processes to handle such attacks.
You can check out theMicrosoft blog postfor more details and do tell us what you have to say about this hack in the comments below.
Dwaipayan Sengupta
A geek at heart, you’ll find me fidgeting with an iOS device or sitting in front of the laptop, scouring the internet to find interesting technological innovations. In my free time, you’d find me playing Valorant or listening to Pink Floyd.
Add new comment
Name
Email ID
Δ
01
02
03
04
05
