Update: Microsoft confirmed the attack in a post last night, noting that it occurred after one of its employees’ accounts was compromised by Lapsus$.
“No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity,” the post reads.
Microsoft then goes on to lay out the group’s tactics in detail, along with ways to defend against similar threat actors, so the post is worth a read if you’re looking to tighten up security.
Original story: LAPSUS$, the same hacking group that recently targeted Nvidia and Samsung, has confirmed it has targeted Microsoft, as well as LG and Okta. The latter would give the hackers access to 15,000 companies worldwide, including Peloton, Sonos and T-Mobile.
In the Microsoft attacks, the group claims to have stolen the source code for not only Bing browser, but also its mapping system and the Cortana assistant. However, El Chapuzas Informatico notes that the group admits it only managed to acquire 90% of the code for Bing Maps, whereas that number sits at around 45% for the code for Cortana and Bing itself. Torrents for both have been released, regardless.
As for LG, a “dump of all hashes for” the company’s employee and service accounts has been leaked, and a “dump of LGs infrastructure confluence will be released soon.” In the official chat announcement, the group taunts LG: “Might be a good idea to consider a new CSIRT team.”
LAPSUS$’s attack on Okta has been proven with released screenshots, and security experts told Reuters they “definitely do believe it is credible.” This is particularly troubling since Okta is one of the world’s leading authentication companies, used by thousands of companies, universities, and government agencies across the globe. I’m sure I don’t need to stress the kind of chaos that could cause, but as Reuters reports, Okta is looking into the security breach now.
“We believe the screenshots shared online are connected to this January event,” Okta official Chris Hollis said in a statement. “Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.”
Right now, thousands of companies, and countless customers, are on high alert. Since these are the same hackers that targeted Samsung and released 190GB of sensitive data, it’s safe to say their threats are not empty.
Their recent attack on Nvidia sent shockwaves, with the hackers threatening to release a bypass of Nvidia’s hash rate limiter. Data stolen from those attacks was used to disguise malware as GPU drivers, so you can imagine what LAPSUS$ and the rest of the malicious few plan to do with Microsoft’s source code.