This time, the extortion group Lapsus$ went against Microsoft, obtaining around 40GB of information. Both parties confirmed and announced the attack, increasing this group’s danger, though there are not many details about them. This adds to the series of attacks on important profiles in the world. Learn more about this new security breach in the following article.
Microsoft confirms the attack and is closely following Lapsus$
At the beginning of the week, the Lapsus$ group claimed on its Telegram channel that it had managed to access Microsoft’s Azure DevOps server, obtaining around 40 GB of information. Microsoft confirmed the event on Tuesday; they said that part of the Cortana source code and the Bing search engine were compromised. The Microsoft’s Threat Intelligence Center (MSTIC) team assured that it has been studying and following the group for months under the code name DEV-0537.
In a statement, Microsoft assured that the part of the stolen code is not a threat to its systems and security: “No code or customer data has been involved in the observed activities. Our investigation has found that a single account has been compromised, granting limited access. Our cybersecurity response teams acted quickly, halting the theft mid-operation, preventing further activity.”
Microsoft gives details about Lapsus$
On Microsoft’s blog, they describe the group as a “pure extortion and destruction model without deploying ransomware payloads.” They also specified the goal of their attacks: “The goal of DEV-0537 is to gain elevated access through stolen credentials that enable data theft and destructive attacks against a targeted organization, often ending in extortion. Their tactics and Objectives indicate that it is a cybercriminal actor motivated by theft and destruction.”
The Redmond-based organization is just the latest victim in a series of attacks on large corporate profiles such as Samsung, Vodafone, NVIDIA, Ubisoft, Mercado Libre and Okta (which was also confirmed this week). However, this group not only attacks large companies; last year, they confirmed having accessed the servers of the Brazilian Ministry of Health.
So far, Microsoft and other cybersecurity experts are sure the group uses employees to gain access to servers and breach source code repositories. How they manage to obtain the credentials of the employees’ accounts is something that has not been discovered. Some say they may be following the employees, while others even ensure that they are paying or using extortion.
Following this attack, Microsoft has also given some advice on how to prevent Lapsus$ or other groups with similar techniques from gaining access to the servers. Their suggestions include turning on multi-factor authentication, but not using weak methods for it, such as text messages or secondary emails. They also talk about the importance of educating staff not only on cybersecurity but also on social engineering. And finally, establish processes to mitigate and respond to attacks of this nature.
Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Photo by Windows on Unsplash.
Facebook: Eagle Tech Corp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp