Microsoft Confirms Lapsus$ Hack, Details Steps To Enhance Security

Microsoft has confirmed that the Lapsus$ claim of a breach of its Azure DevOps environment is genuine, and it tracks the group under the name DEV-0537. In a blog post published today, Microsoft confirmed Lapsus$'s claim that the group was behind the data breach.

Lapsus$ had posted a screenshot of the now-confirmed stolen files in its Telegram group chat. The screenshot shows files belonging to source code repositories for Bing, Bing Maps, and Cortana.

Microsoft Confirms Lapsus$ Hack

Microsoft was asked about the Lapsus$ intrusion into its systems after the leaks and rumors resurfaced online. At that point, Microsoft stated yesterday only that it was investigating the group's claims.

As reported by The Verge, today, March 23, Microsoft confirmed the data breach by Lapsus$ following an investigation by its cybersecurity team.

In addition, Microsoft said it had been tracking the threat actors' activities closely even before they decided to breach the company. Microsoft refers to Lapsus$ as DEV-0537.

Microsoft clarified that no customer data was compromised during DEV-0537's theft of source code.

After conducting an investigation, Microsoft found that only a single account had been compromised, which gave the attackers limited access.

Microsoft has an extensive cybersecurity organization, and its incident response teams were engaged as soon as the compromised account was discovered in order to prevent further intrusion.

As reported by iTech Post, Microsoft states: "This means we do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code. So viewing source code isn't tied to elevation of risk."

Because Microsoft had already been investigating DEV-0537, its incident responders were familiar with the tactics, techniques, and procedures the group employed in this intrusion.

When Lapsus$ made the claims publicly, the Microsoft team had already begun analyzing the compromised account based on threat data gathered at the time.

Microsoft also revealed that the threat actors were interrupted in the middle of their operation, which reduced the broader impact of the incident.


Lapsus$ Hacks

Lapsus$ was also the threat actor responsible for breaching Samsung, Vodafone, Ubisoft, Mercado Libre and NVIDIA.

Lapsus$ exfiltrated a substantial amount of data from NVIDIA. The group has recently claimed that the NVIDIA breach was carried out on behalf of the gaming and mining community.

Lapsus$ stole 1TB of data from the GPU company, claiming it was a response to the Ethereum hash rate limiter built into the company's most recent graphics card release, and then held the company to ransom.

It has also done the same to Samsung and Ubisoft. DEV-0537 initially targeted organizations in the United Kingdom and South America, but it has since expanded to include organizations throughout the world, including those in the government, technology, telecommunications, media, retail, and healthcare sectors.

However, one of Lapsus$' alleged victims, Okta, denied that they were hacked by the ransomware gang.

In the blog post, Microsoft also explained how the Lapsus$ group was able to carry out the attack. The post includes ways companies can mitigate the group's infiltration of their own systems. Microsoft stated:

"DEV-0537 also uses several tactics that are less frequently used by other threat actors tracked by Microsoft.

Their tactics include phone-based social engineering; SIM-swapping to facilitate account takeover; accessing personal email accounts of employees at target organizations; paying employees, suppliers, or business partners of target organizations for access to credentials and multifactor authentication (MFA) approval; and intruding in the ongoing crisis-communication calls of their targets."



© 2024 iTech Post All rights reserved. Do not reproduce without permission.
