LAPSUS$, a data extortion hacking group that recently targeted Nvidia and Samsung, has stated that it has also targeted Microsoft, LG, and Okta.
According to El Chapuzas Informatico, around 90 percent of the information from Bing Maps was stolen in the Microsoft hacks, while approximately 45 percent was obtained from Bing and Cortana. The extortion group released a torrent for a 9 GB zip file containing the source codes for over 250 Microsoft-related projects.
Last night, Microsoft confirmed the hack in a blog post, stating that it happened after one of its employee’s accounts was compromised by Lapsus$.
The post read, “This week, the actor made public claims that they had gained access to Microsoft and exfiltrated portions of source code. No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity”.
They concluded by saying, “We advise organizations to follow very tight operational security practices when responding to an intrusion believed to be DEV-0537. Organizations should develop an out-of-band communication plan for incident responders that is usable for multiple days while an investigation occurs. Documentation of this response plan should be closely held and not easily accessible”.