Microsoft Corp. claimed the hacker group Lapsus$ gained “limited access” to its networks. This followed a claim by Lapsus$ that it had obtained source code for the Bing search engine and Cortana voice assistant.
For some weeks, the software giant has been watching the actions of Lapsus$, which it describes as a “large-scale social engineering and extortion campaign”. A blog post late Tuesday offered some specifics on the attacks’ techniques. Lapsus$ had previously breached the cybersecurity defenses of Nvidia Corp. and Samsung Electronics Co. This week, it claimed to have acquired access to Okta, a company in San Francisco that provides user authentication services for thousands of corporate clients.
“Our investigation has found a single account had been compromised, granting limited access,” Microsoft said. “Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity. Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.”
According to the blog post, the hacker group, which Microsoft’s cybersecurity researchers gave the codename DEV-0537, has been increasing its geographic scope. It is targeting government institutions as well as the tech, telecom, and healthcare industries. According to Microsoft, the group is also known for stealing bitcoin accounts.
Lapsus$ has claimed on social media that it has infiltrated several significant IT firms in addition to Microsoft. Its Telegram channel was the first to report this week’s Microsoft and Okta hacks. It also reported a breach of LG Electronics Inc. employee accounts.
“Unlike most activity groups that stay under the radar, DEV-0537 doesn’t seem to cover its tracks,” said Microsoft, based in Redmond, Washington. “They go as far as announcing their attacks on social media or advertising their intent to buy credentials from employees of target organizations.”