Microsoft Confirms Lapsus$ Hacker Group Breached Its Systems


Microsoft has confirmed that the hacker group Lapsus$, which is also responsible for data breaches at Nvidia, Samsung and Okta, gained limited access to its systems. The company confirmed the breach after the group shared a file this week that allegedly contained partial source code for Bing and Cortana.

“No customer code or data was involved in the observed activities. Our investigation revealed that one account was hacked, allowing restricted access. Our cybersecurity response teams acted quickly to recover the compromised account and prevent further activity,” Microsoft wrote in a blog post.

In addition, the company said it has been actively monitoring the threat group, known internally as DEV-0537 or LAPSUS$, for some time now. “Unlike most under-the-radar activity groups, DEV-0537 doesn’t seem to be covering its tracks. They even go as far as announcing their attacks on social media or advertising their intent to buy credentials from employees of target organizations,” Microsoft added in the blog post.

Describing the group’s tactics, Microsoft said Lapsus$ uses a combination of phone-based social engineering and SIM swapping to collect information about targeted individuals and organizations, and then to take over the accounts that information unlocks.

“DEV-0537 also uses several tactics that are less commonly used by other threat actors followed by Microsoft. Their tactics include phone-based social engineering; SIM swapping to access personal email accounts of employees at target organizations, paying employees, suppliers or business partners of target organizations for access to credentials and multi-factor authentication (MFA) approvals.”

The company also found incidents where the hacker group gained access to target organizations through recruited employees or business partners. The group even advertised that it wanted to “buy credentials for their targets to entice employees or contractors to participate in the operation.”

“The actor has been observed to subsequently participate in the organization’s crisis communication conversations and internal discussion boards (Slack, Teams, conference calls and others) to understand the incident response workflow and the response associated with it,” the company added.

How can you protect yourself from such attacks?

Microsoft has listed several steps that can be taken to protect individual accounts and company data from such groups. The list includes requiring multi-factor authentication (MFA) for all users; using phishing-resistant MFA methods such as FIDO tokens, or Microsoft Authenticator with number matching (so that a push prompt cannot simply be approved without seeing the sign-in); using complex, hard-to-guess passwords; and moving to passwordless biometric sign-in such as Windows Hello. The company also recommends avoiding telephony-based MFA methods (SMS codes and voice-call approvals) because SIM swapping, or SIM jacking, lets an attacker receive them, and avoiding simple push approvals and secondary email addresses as weak factors.
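To make the mitigations above checkable rather than just a list, here is an added example (not code from Microsoft’s post or from this article) that audits an authentication methods policy export for the weaknesses Lapsus$ exploits: telephony MFA left enabled, no phishing-resistant method, and Authenticator push approvals without number matching. The policy shape is an assumption loosely modelled on the Microsoft Graph `authenticationMethodsPolicy` resource and the field names may differ from a real tenant export; both policies below are constructed sample data, one weak and one hardened.

```python
"""Audit an Entra ID authentication methods policy for the MFA weaknesses
the article warns about (added example, not the vendor's code).

Assumption: the export looks roughly like Microsoft Graph's
authenticationMethodsPolicy, i.e. a list of method configurations, each
with an "id" and a "state" of "enabled" or "disabled". Treat the exact
field names as hypothetical and adjust to your own export.
"""
import json

# Constructed sample: a weak configuration that still trusts the phone network.
WEAK_POLICY = json.dumps({
    "authenticationMethodConfigurations": [
        {"id": "Sms", "state": "enabled"},
        {"id": "Voice", "state": "enabled"},
        {"id": "Email", "state": "enabled"},
        {"id": "Fido2", "state": "disabled"},
        {"id": "MicrosoftAuthenticator", "state": "enabled",
         "featureSettings": {"numberMatchingRequiredState": {"state": "default"}}},
    ]
})

# Constructed sample: the same tenant after applying the recommendations.
HARDENED_POLICY = json.dumps({
    "authenticationMethodConfigurations": [
        {"id": "Sms", "state": "disabled"},
        {"id": "Voice", "state": "disabled"},
        {"id": "Email", "state": "disabled"},
        {"id": "Fido2", "state": "enabled"},
        {"id": "MicrosoftAuthenticator", "state": "enabled",
         "featureSettings": {"numberMatchingRequiredState": {"state": "enabled"}}},
    ]
})

# Methods delivered over the phone network or a mailbox: a SIM swap or a
# takeover of the employee's personal email hands these to the attacker.
# (Email OTP is used for self-service password reset, which is the same risk.)
TELEPHONY_OR_MAILBOX_METHODS = {"Sms", "Voice", "Email"}

# Methods bound to the origin, so a phished or socially engineered approval
# cannot be replayed against the real sign-in.
PHISHING_RESISTANT_METHODS = {"Fido2"}


def audit_policy(policy_json: str) -> list[str]:
    """Return a list of human-readable findings; an empty list means clean."""
    policy = json.loads(policy_json)
    configs = {c["id"]: c for c in policy.get("authenticationMethodConfigurations", [])}
    findings = []

    # 1. Telephony / mailbox factors must be off, not merely de-prioritised.
    for method in sorted(TELEPHONY_OR_MAILBOX_METHODS):
        cfg = configs.get(method)
        if cfg is not None and cfg.get("state") == "enabled":
            findings.append(f"{method} is enabled: exposed to SIM swapping or mailbox takeover")

    # 2. At least one phishing-resistant method must be available to users.
    if not any(configs.get(m, {}).get("state") == "enabled" for m in PHISHING_RESISTANT_METHODS):
        findings.append("no phishing-resistant method (FIDO2) is enabled")

    # 3. Push approvals without number matching can be bought or fatigued out
    #    of an employee; require the user to type the number shown on screen.
    auth = configs.get("MicrosoftAuthenticator", {})
    if auth.get("state") == "enabled":
        number_matching = (auth.get("featureSettings", {})
                               .get("numberMatchingRequiredState", {})
                               .get("state"))
        if number_matching != "enabled":
            findings.append("MicrosoftAuthenticator push approvals do not require number matching")

    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        findings = audit_policy(policy)
        print(f"{name}: {len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
```

Run it against a real export by replacing the constructed policy strings with the JSON your tenant returns; the checks only look at the method ids, their `state`, and the number-matching feature flag, so a missing method is treated as disabled rather than as an error.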
