Microsoft has confirmed that it was targeted by the hacker group Lapsus$, which was previously responsible for cyber attacks against Samsung and Nvidia. Referring to the group as the “DEV-0537 criminal actor” in an official statement, Microsoft describes its main method of attack as “a large-scale social engineering and extortion campaign against multiple organizations.” Fortunately, the Microsoft breach was limited in scope because the company detected the intrusion early.
What does the hacker group Lapsus$ want?
In the attack, partial source code for Cortana and Bing was stolen through a single compromised account. Microsoft says its team was already investigating that account when the group publicly disclosed the intrusion, which allowed it to interrupt the attack while it was still in progress.
Why was Microsoft hacked? According to a lengthy post by Microsoft’s security teams, the group is a growing threat that brazenly targets employees to steal their credentials:
“DEV-0537 is known for using a pure extortion and destruction model without deploying ransomware payloads. DEV-0537 started targeting organizations in the United Kingdom and South America but expanded to global targets, including organizations in government, technology, telecom, media, retail, and healthcare sectors.
…Unlike most activity groups that stay under the radar, DEV-0537 doesn’t seem to cover its tracks. They go as far as announcing their attacks on social media or advertising their intent to buy credentials from employees of target organizations.”
Microsoft recommends that other companies, such as Apple and EA, stay on alert, and shared a screenshot (posted above) of the group soliciting employees of target organizations over WhatsApp, in a post framed as recruiting, in order to buy their credentials.
From what the company has discerned, the group has used a range of social engineering techniques, including “phone-based social engineering” and “paying employees, suppliers, or business partners of target organizations for access to credentials and multifactor authentication (MFA) approval.” It also repeatedly spams users with MFA push prompts until one is eventually approved, and attempts to reset a user’s credentials by fooling the organization’s help desk.
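The MFA prompt spamming described above leaves a recognizable trace in sign-in telemetry: a burst of unapproved push prompts for one account in a short window, sometimes followed by a single approval. The following detector is an added example written for this article, not Microsoft’s code or anything from the DEV-0537 report. It runs over constructed newline-delimited JSON events; the field names (`user`, `ts`, `mfa_result`, `ip`) and the thresholds are assumptions, so map your own sign-in log schema into this shape before using it.

```python
"""MFA-fatigue ("prompt bombing") detector over sign-in events.

Added example, not Microsoft's code. The log format below is constructed
for illustration: one JSON object per line with the assumed fields
user / ts / mfa_result / ip. Real identity-provider sign-in logs carry the
same facts under different names; normalise them into this shape first.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed: how long prompts count as "recent"
THRESHOLD = 5                    # assumed: unapproved prompts in WINDOW before alerting

# Constructed sample events (not real telemetry). alice is bombed and finally
# approves; bob has one ordinary retry; carol has sparse denials over hours.
SAMPLE_LOG = """\
{"user": "alice@example.test", "ts": "2022-03-22T02:10:05Z", "mfa_result": "denied",   "ip": "203.0.113.7"}
{"user": "alice@example.test", "ts": "2022-03-22T02:10:40Z", "mfa_result": "timeout",  "ip": "203.0.113.7"}
{"user": "alice@example.test", "ts": "2022-03-22T02:11:20Z", "mfa_result": "denied",   "ip": "203.0.113.7"}
{"user": "alice@example.test", "ts": "2022-03-22T02:12:02Z", "mfa_result": "denied",   "ip": "203.0.113.9"}
{"user": "alice@example.test", "ts": "2022-03-22T02:12:45Z", "mfa_result": "timeout",  "ip": "203.0.113.9"}
{"user": "alice@example.test", "ts": "2022-03-22T02:13:30Z", "mfa_result": "denied",   "ip": "203.0.113.9"}
{"user": "alice@example.test", "ts": "2022-03-22T02:14:10Z", "mfa_result": "approved", "ip": "203.0.113.9"}
{"user": "bob@example.test",   "ts": "2022-03-22T03:00:00Z", "mfa_result": "denied",   "ip": "198.51.100.4"}
{"user": "bob@example.test",   "ts": "2022-03-22T03:00:30Z", "mfa_result": "approved", "ip": "198.51.100.4"}
{"user": "carol@example.test", "ts": "2022-03-22T08:00:00Z", "mfa_result": "denied",   "ip": "192.0.2.10"}
{"user": "carol@example.test", "ts": "2022-03-22T09:00:00Z", "mfa_result": "denied",   "ip": "192.0.2.10"}
{"user": "carol@example.test", "ts": "2022-03-22T10:00:00Z", "mfa_result": "denied",   "ip": "192.0.2.10"}
"""


def parse_events(log_text):
    """Parse newline-delimited JSON sign-in events and return them oldest first."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        events.append({
            "user": rec["user"],
            # fromisoformat() does not accept a trailing "Z" on older Pythons
            "ts": datetime.fromisoformat(rec["ts"].replace("Z", "+00:00")),
            "result": rec["mfa_result"],        # approved | denied | timeout
            "ip": rec.get("ip", ""),
        })
    events.sort(key=lambda e: e["ts"])
    return events


def detect_mfa_fatigue(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per suspicious pattern.

    'mfa_prompt_burst'     : >= threshold unapproved prompts for a user inside window.
    'approved_after_burst' : an approval arriving while such a burst is still in
                             the window, i.e. the victim (or a bought insider)
                             finally accepted. This is the high-severity case.
    """
    by_user = defaultdict(list)
    for e in parse_events(log_text):
        by_user[e["user"]].append(e)

    alerts = []
    for user, events in by_user.items():
        recent = deque()            # unapproved prompts still inside the window
        burst_reported = False
        for e in events:
            # Slide the window: drop prompts older than `window` before this event.
            while recent and e["ts"] - recent[0]["ts"] > window:
                recent.popleft()
            if len(recent) < threshold:
                burst_reported = False      # a new burst later should alert again

            if e["result"] == "approved":
                if len(recent) >= threshold:
                    alerts.append({
                        "user": user, "type": "approved_after_burst",
                        "severity": "high", "prompts": len(recent),
                        "ts": e["ts"].isoformat(), "approving_ip": e["ip"],
                    })
                recent.clear()              # an approval ends the episode
                burst_reported = False
                continue

            recent.append(e)
            if len(recent) >= threshold and not burst_reported:
                alerts.append({
                    "user": user, "type": "mfa_prompt_burst",
                    "severity": "medium", "prompts": len(recent),
                    "ts": e["ts"].isoformat(),
                    "source_ips": sorted({r["ip"] for r in recent}),
                })
                burst_reported = True
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_LOG):
        print(json.dumps(alert))
```

On the constructed sample this raises two alerts, both for alice: a medium-severity burst once her fifth unapproved prompt lands inside ten minutes, and a high-severity `approved_after_burst` when the approval follows six unapproved prompts; bob’s single retry and carol’s widely spaced denials produce nothing. The approving IP is kept on the high-severity alert because the push that finally succeeds originates from the attacker’s session, not the user’s device, which is the first thing an analyst will want to pivot on. Note that this covers only the prompt-spamming technique; the help-desk reset abuse described above is a process problem that identity logs alone will not surface.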
Microsoft will continue to investigate the hacker group and share additional information through updates on the blog post.
In other news, Rocksteady has delayed Suicide Squad to next year, and Sony continues to investigate the latest PS5 update which has broken the PlayStation Network.