Microsoft Says Lapsus$ Hackers Got ‘Restricted Access’ To One Account



James Martin/CNET

Microsoft confirmed on Tuesday that an attack linked to the Lapsus$ hacking group resulted in “limited access” to a single account, adding that its security teams were halting the effort.

The revelation comes after the South American hacking group, which has been linked to data breaches at Samsung and Nvidia, said Monday it had hacked into Microsoft and obtained partial source code for the Microsoft products Bing, Bing Maps and Cortana. Microsoft said its researchers have been tracking the group, which it calls DEV-0537, for weeks as it attacked government, technology, telecom, media, retail and healthcare organizations around the world.

“DEV-0537 is known for using a pure extortion and destruction model without deploying ransomware payloads,” according to a Tuesday blog post from the Microsoft Threat Intelligence Center. “DEV-0537 has also been known to take over individual user accounts at cryptocurrency exchanges to get rid of cryptocurrency holdings.”

Microsoft said the group’s tactics include phone-based social engineering, SIM swapping, and paying employees and suppliers at targeted organizations for access to credentials. Lapsus$ doesn’t appear to be hiding its activity, Microsoft said, adding that the hackers go so far as to advertise credentials and use social media to announce their attacks.

“Our team was already investigating the compromised account based on threat intelligence when the actor made his intrusion public,” the blog post read. “This public disclosure escalated our action allowing our team to step in and interrupt the actor midway through surgery, limiting its broader impact.”

The attack came at a time when data breaches across all industries were on the rise. In 2021, data breaches increased by 68% year over year to an all-time high, according to a report from the Identity Theft Resource Center.

DEV-0537 also claimed responsibility for a data breach attempt in January at identity authentication giant Okta. However, Okta CEO Todd McKinnon said on Tuesday that the January event was “withheld” and that it had no evidence of continued malicious activity from that moment on.
