Microsoft confirms Lapsus$ breach; hackers say obtained source code for Bing, Cortana

Microsoft said that the hacker group Lapsus$ gained “limited access” to its systems, following a claim by the group that it obtained source code for the Bing search engine and Cortana voice assistant.

By:BLOOMBERG
| Updated on: Aug 22 2022, 10:52 IST
Microsoft
Microsoft Corp. said that the hacker group Lapsus$ gained “limited access” to its systems, following a claim by the group that it obtained source code for the Bing search engine and Cortana voice assistant. (Dado Ruvic/REUTERS)

Microsoft Corp. said that the hacker group Lapsus$ gained “limited access” to its systems, following a claim by the group that it obtained source code for the Bing search engine and Cortana voice assistant.

The software giant had been tracking the activities of Lapsus$ -- which it labels a “large-scale social engineering and extortion campaign” -- for several weeks and provided some details on the methods of its attacks in a blog post late Tuesday. Lapsus$ had previously breached the cybersecurity defenses of Nvidia Corp. and Samsung Electronics Co., and this week also claimed to have gained access to the system privileges of Okta, the San Francisco-based company that manages user authentication services for thousands of corporate clients.

You may be interested in

MobilesTablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
23% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

“Our investigation has found a single account had been compromised, granting limited access,” Microsoft said. “Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity. Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.”

Also read
Looking for a smartphone? To check mobile finder click here.

The hacking group, which has been given the designation DEV-0537 by Microsoft's cybersecurity researchers, has been expanding the geographic range of its targets and going after government organizations as well as the tech, telecom and health-care sectors, according to the blog post. They are also known for hijacking cryptocurrency accounts, Microsoft said.

Lapsus$ has made claims on social media that it's infiltrated several large tech companies besides Microsoft. Its Telegram channel was first to announce the Microsoft and Okta breaches this week and also included mention of breaching employee accounts of LG Electronics Inc.

“Unlike most activity groups that stay under the radar, DEV-0537 doesn't seem to cover its tracks,” said Microsoft, based in Redmond, Washington. “They go as far as announcing their attacks on social media or advertising their intent to buy credentials from employees of target organizations.”

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 23 Mar, 15:28 IST
Tags:
NEXT ARTICLE BEGINS