Tech giant Microsoft has confirmed that it was breached by the hacker group Lapsus$. In a blog post on Tuesday — issued hours after Lapsus$ shared a torrent file containing partial source code from Bing, Bing Maps, and Cortana — Microsoft announced that a single employee’s account had been compromised by Lapsus$, granting the attackers “limited access” to Microsoft’s systems and enabling the theft of the company’s source code.
Microsoft is Working on Limiting the Broader Impact of the Leaked Source Code
Microsoft added that no client code or data was compromised. “Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity,” Microsoft said. “Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk. Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.”
Microsoft hasn’t shared any details about how the account was compromised, but it provided an overview of the tactics, techniques, and procedures used by Lapsus$, which the company’s Threat Intelligence Center, known as MSTIC, has tracked across multiple attacks. Initially, these attacks targeted institutions in South America and the U.K., though Lapsus$ has since expanded to global targets, including governments and corporations in the technology, telecom, media, retail, and healthcare sectors.
Hacker Group ‘Lapsus$’ Used Compromised Credentials to Access Companies’ Internet-Facing Devices
Lapsus$ then uses the compromised credentials to access a corporation’s internet-facing appliances and systems: virtual private networks, remote desktop infrastructure, or identity management services such as Okta, which the group successfully breached in January. Microsoft states that in at least one compromise, Lapsus$ conducted a SIM swap attack to gain control of an employee’s phone number and text messages, giving it access to the multi-factor authentication (MFA) codes needed to log in to the organization.
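The SIM swap described above works only when a second factor is delivered to a phone number. The following is an added example, not code from the article or from Microsoft, showing the kind of audit a defender can run over their own MFA enrollment data: it flags accounts on internet-facing services (VPN, remote desktop gateway, identity provider) that have no MFA, that rely on SMS or voice alone, or that keep SMS enrolled as a fallback an attacker could select. The service names, factor names and enrollment records are constructed for the example.

```python
"""Audit MFA enrollments for internet-facing services.

Constructed example data; the service and factor names are assumptions,
not any vendor's schema. The point is the classification logic.
"""

# Factors delivered to a phone number; a SIM swap captures all of these.
PHONE_BOUND_FACTORS = {"sms", "voice"}
# Factors not tied to the phone number.
STRONG_FACTORS = {"fido2", "authenticator_app", "hardware_otp"}
# Services reachable from the internet where stolen credentials are tried first.
INTERNET_FACING = {"vpn", "rdp_gateway", "idp"}

# Constructed enrollment records for a hypothetical tenant.
ENROLLMENTS = [
    {"user": "alice", "service": "vpn", "factors": ["sms"]},
    {"user": "bob", "service": "idp", "factors": ["sms", "fido2"]},
    {"user": "carol", "service": "rdp_gateway", "factors": []},
    {"user": "dave", "service": "wiki", "factors": ["sms"]},
    {"user": "erin", "service": "vpn", "factors": ["authenticator_app"]},
]


def classify(record):
    """Return a status string for one enrollment record."""
    factors = set(record["factors"])
    if not factors:
        return "no_mfa"
    if factors <= PHONE_BOUND_FACTORS:
        return "phone_only"  # every factor falls to a SIM swap
    if factors & PHONE_BOUND_FACTORS:
        # A strong factor exists, but the phone-bound one is still enrolled and
        # an attacker who controls the number can usually choose it at login.
        return "phone_fallback"
    if factors <= STRONG_FACTORS:
        return "ok"
    return "unknown_factor"  # unrecognised factor type; review by hand


def audit(records, internet_facing=INTERNET_FACING):
    """List (user, service, status) for every non-ok enrollment on an
    internet-facing service. Internal-only services are skipped."""
    findings = []
    for record in records:
        if record["service"] not in internet_facing:
            continue
        status = classify(record)
        if status != "ok":
            findings.append((record["user"], record["service"], status))
    return findings


if __name__ == "__main__":
    for user, service, status in audit(ENROLLMENTS):
        print(f"{user:8} {service:12} {status}")
```

The design choice worth noting is that `bob` is flagged even though he has a FIDO2 key: as long as SMS remains an enrolled alternative, a SIM swap still yields a usable code, so the remediation is to remove the phone-bound method, not merely to add a stronger one beside it.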