Microsoft confirms Lapsus$ hackers gained “limited access” to its systems
Microsoft Corporation has confirmed that it was hacked by the extortion group Lapsus$, who acquired the source code for Bing search engine and Cortana voice assistant. Lapsus$ had earlier claimed to have hacked Nvidia, Samsung, Okta, and Ubisoft. However, Microsoft said Lapsus$ gained only “limited access” to its systems.
Lapsus$ gang, meanwhile, has released 37GB of source code stolen from Microsoft’s Azure DevOps server. However, in a new blog post, Microsoft, said that one of their employee’s accounts was compromised and “no customer code or data was involved.”
“Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity. Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk,” Microsoft wrote in their blog post.
“No customer code or data was involved in the observed activities,” the blog further read.
Microsoft Security teams have been actively tracking the activities of Lapsus$, calling it DEV-0537, over its “large-scale social engineering and extortion campaign.”
“As this campaign has accelerated, our teams have been focused on detection, customer notifications, threat intelligence briefings, and sharing with our industry collaboration partners to understand the actor’s tactics and targets,” Microsoft further wrote in their blog.