Date: 2022-03-23

Lapsus$, the hacking group that had earlier claimed to have hacked Samsung, Nvidia, and several others, claimed this week that it had also hacked Microsoft. Posting an archive file containing 37GB of data, the group claimed that it held partial source code for Bing and Cortana. Lapsus$ claimed it only got around 45% of the code for Cortana and Bing and around 90% for Bing Maps.

After investigating, Microsoft confirmed on Tuesday that the group, which it refers to as DEV-0537, compromised “a single account” and stole sections of source code for some products. In a blog post on its security site, Microsoft said investigators had been tracking Lapsus$ for weeks. The post also provides details about some of the methods the group used to compromise victims’ systems.

The Microsoft Threat Intelligence Center (MSTIC) said the DEV-0537 actors’ objective was to gain elevated access through stolen credentials, enabling data theft and destructive attacks against a targeted organisation that often resulted in extortion.

“Tactics and objectives indicate this is a cybercriminal actor motivated by theft and destruction,” MSTIC said.

Microsoft, however, said the leaked code was not severe enough to cause any risk elevation and that response teams shut them down mid-operation.

In the blog post, Microsoft also outlined the steps other organisations can take to improve security, including requiring multifactor authentication, not using weaker multifactor authentication methods such as secondary email or text messages, educating team members about potential social engineering attacks, and creating processes for responses to Lapsus$ attacks. Microsoft said it would keep tracking Lapsus$ and keep an eye on any attacks it carries out on customers.

Lapsus$ has been on a hacking spree in recent times, if its claims are to be believed. The group claims to have accessed data from Samsung, Okta, Ubisoft, and Nvidia. While Samsung and Nvidia admitted that their data was stolen, Okta denied the group’s claims that it had access to its authentication service.