Microsoft confirms hackers gained source code.
One of the world's largest companies, Microsoft has been a victim of a cyberattack that resulted in some sort of theft of some of its source code. The hacker group Lapsus $ has gained "limited access" to Microsoft, following the claims has been obtained that source code for the Bing search engine and Cortana voice assistant. Lapsus $ which has been labelled a "large-scale social engineering and extortion campaign" had been tracked by the software giants.
Earlier also Lapsus $ has breached the cyber security of Samsung Electronics CO. and Nvidia Corp. and it is also claimed that they gained access to the system of Okta, the San Franciso company that manages the service of thousands of people. The 37GB archive posted by Lapsus $ holds the source code of Microsoft's Bing and Microsoft's assistant Cortana. Microsoft said, "Our investigation has found a single account had been compromised." Our cyber security teams quickly responded to remediate the compromised account to prevent further activity. The hacking group has been given the designation DEV-0537 by Microsoft's cyber security, which has expanded range of the geographical range of its target and was also going after government organizations like the telecom, tech, healthcare sectors. Also known as Hijacking cryptocurrency accounts, Microsoft said.
A social media claim is also made by Lapsus $ that several large companies like Microsoft were infiltrated. In a Telegram channel, Microsoft and Okta first announces the breaches, and LG Electronics Inc. was also included. Microsoft said that “Unlike most activity groups that stay under the radar, DEV-0573 doesn’t seem to cover its track.” This isn’t the first time Microsoft’s claimed that attackers have assumed its access. 45 per cent of the code for Bing and Cortana were hacked by Lapsus $ and around 90 per cent of Bing maps code. Microsoft also outlines the number of steps other organizations can also improve their security, including multifactor authentication, not using weak multi factors. MSTIC (Microsoft Threat Intelligence Centre) assesses the objective of DEV-0537 to gain elevated access through stolen credential that enables data theft.
Tags : #microsoft #hacking