Microsoft has confirmed it has been the victim of a cyber attack in which partial source code for Bing and Cortana was stolen, following an earlier claim from hacker group Lapsus$.
In a statement, the corporation confirmed that the group, which Microsoft describes as “known for using a pure extortion and destruction model without deploying ransomware payloads”, had compromised “a single account”.
This is the latest in a string of alleged attacks by Lapsus$. Earlier this month we reported that the group had claimed responsibility for a cyber attack on Nvidia.
Then, only a week later, the group claimed to be behind an attack on Samsung, which saw a significant amount of data stolen, including algorithms for all biometric tech that Samsung uses across its products.
In a lengthy statement from Microsoft, the company outlined how the attack happened, and its recommendations for increased countermeasures against future attacks. The corporation also stated what it believes are the motivation and goals of Lapsus$ (which Microsoft refers to in the post as DEV-0537).
“Microsoft Threat Intelligence Center (MSTIC) assesses that the objective of DEV-0537 is to gain elevated access through stolen credentials that enable data theft and destructive attacks against a targeted organization, often resulting in extortion. Tactics and objectives indicate this is a cybercriminal actor motivated by theft and destruction,” the blog post reads.
Microsoft has also stressed that while the breach did occur, it believes that “no customer code or data was involved in the observed activities”. It added: “Our investigation has found a single account had been compromised, granting limited access.”
The company concluded with recommendations for other corporations that may be targets of the hacker group, and included a screenshot from a WhatsApp conversation in which the group cites a list of targets including Apple, EA and more.
“Multifactor authentication (MFA) is one of the primary lines of defence against DEV-0537. While this group attempts to identify gaps in MFA, it remains a critical pillar in identity security for employees, vendors, and other personnel alike”.
Microsoft plans to update this blog post as more information about the attack is uncovered in its internal investigation.