Microsoft, one of the world’s largest companies, has become the latest victim of a cyberattack, that has resulted in the theft of some of its source code. The perpetrator of the attack, according to both Microsoft and the group itself, is the supposedly South America-based Lapsus$.
Lapsus$ has also claimed responsibility for recent attacks targeting groups like Samsung, Nvidia, Ubisoft, and Okta. Just like Microsoft, Samsung and Nvidia have confirmed the attacks on their organisations while Okta has refuted any claims of a hack.
Lapsus$ posted a 37GB archive, which it claims, holds partial source code for Microsoft’s browser Bing and Microsoft’s AI assistant Cortana. The group stated that it had secured around 45 percent of the source code for Bing and Cortana, along with nearly 90 percent of the source code for Bing Maps.
Microsoft confirmed the hack on March 22, stating that it had found that the group, which Microsoft calls DEV-0537, managed to compromise a single account and gained limited access. Microsoft was able to shut the account down and prevent any further breach of data, though it is suggested by others that the group had claimed the breach before it had secured the data, and as a result was booted out before it could finish its operation.
“This week, the actor made public claims that they had gained access to Microsoft and exfiltrated portions of source code. No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity,” Microsoft stated on its security blog.
Microsoft stated that it had been studying the group for weeks and the cyberattack is motivated by theft and destruction.
“Microsoft Threat Intelligence Center (MSTIC) assesses that the objective of DEV-0537 is to gain elevated access through stolen credentials that enable data theft and destructive attacks against a targeted organization, often resulting in extortion. Tactics and objectives indicate this is a cybercriminal actor motivated by theft and destruction,” the company stated.
This is not the first time that Microsoft has been on the receiving end of a cyberattack that has accessed its source code. In December 2020, Microsoft was one of the targets of the massive Solar Winds cyberattack conducted by multiple Russian hacker groups.
