Microsoft Says Lapsus$ Hackers Gained ‘Limited Access’ to Single Compromised Account
Microsoft has revealed that the Lapsus$ hacking group was able to gain “limited access” to a single compromised account.
The disclosure comes after Lapsus$ claimed to have exfiltrated portions of the company’s source code on Tuesday. The tech giant pointed out in a blog post Tuesday evening that “no code or customer data was involved in the activities observed”.
“Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity. Microsoft does not rely on secrecy of the code as a security measure and viewing the source code does not result in increased risk,” Microsoft’s security team said. “Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed its intrusion. This public disclosure escalated our action, allowing our team to step in and interrupt the actor in course of operation, thus limiting a wider impact.”
According to Microsoft, Lapsus$, also known as DEV-0537, steals sensitive data from its victims and uses it for extortion. Its tactics include phone-based social engineering; SIM swapping; accessing employees’ personal email accounts; paying employees, vendors, or business partners for credentials and multi-factor authentication (MFA) approval; and intruding on its targets’ crisis-communication calls and internal communication platforms.
Microsoft says the group initially targeted organizations in the UK and South America, but has since expanded to global markets. Its victims include organizations in the government, technology, telecommunications, media, retail, and healthcare sectors, as well as individual user accounts on cryptocurrency exchanges.
In addition to Microsoft, Lapsus$ previously claimed responsibility for a cybersecurity incident in which Nvidia employee credentials and approximately 1 terabyte of corporate data were stolen. The group also claimed to have had access to Okta’s internal systems, although Okta responded that its systems had not been breached and remained fully operational.
Other Lapsus$ victims reportedly included Samsung, video game giant Ubisoft, Brazil’s health ministry, Portuguese media group Impresa and its weekly Expresso.
Microsoft’s recommendations for preventing future Lapsus$ attacks include multi-factor authentication for all users in all locations, passwordless authentication such as Windows Hello for Business and Microsoft Authenticator, and OAuth or SAML (Security Assertion Markup Language) authentication connected to Azure AD for virtual private network (VPN) access.
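The first of those recommendations, MFA for all users in all locations, is normally enforced in Azure AD as a Conditional Access policy. The snippet below is an added example written for this article, not code from Microsoft’s advisory or from the article; it creates such a policy through the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph module is installed, that the signed-in administrator holds the Policy.ReadWrite.ConditionalAccess permission, and that the break-glass account object ID shown as a placeholder is replaced with a real one.

```powershell
# Added example (not from the article or Microsoft's advisory): a Conditional Access
# policy requiring MFA for every user, on every application, from every location,
# created with the Microsoft Graph PowerShell SDK.
# Assumes: Microsoft.Graph module installed; admin holds Policy.ReadWrite.ConditionalAccess.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

$policy = @{
    displayName = "Require MFA for all users, all locations"   # constructed name
    # Start in report-only mode: sign-in logs show who the policy would block
    # before it is switched to "enabled" and actually enforced.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users          = @{
            includeUsers = @("All")
            # Exclude an emergency-access (break-glass) account so admins cannot
            # lock themselves out; placeholder value, replace with the real object ID.
            excludeUsers = @("<BREAK-GLASS-ACCOUNT-OBJECT-ID>")
        }
        applications   = @{ includeApplications = @("All") }
        locations      = @{ includeLocations = @("All") }   # no trusted-location bypass
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

# Creates the policy and returns the new policy object (including its id).
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Leaving the policy in report-only mode for a few days and reviewing the sign-in logs before setting `state = "enabled"` is the usual way to catch service accounts or legacy clients that cannot complete MFA, which would otherwise break when the policy is enforced.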
“Microsoft continues to monitor DEV-0537’s activities, tactics, malware, and tools,” the company said. “We will communicate any additional information and recommendations as we investigate their actions against our customers.”