Microsoft confirms that its systems were compromised during a cyberattack carried out by LAPSUS$, a hacker group.
According to Microsoft, LAPSUS$ had hacked into one of its accounts, giving it “limited access” to corporate networks but not customer data.
Microsoft gave details in a recent blog post. LAPSUS$, which Microsoft tracks as DEV-0537, is known for a pure extortion-and-destruction model: it steals data and threatens to leak it, but deploys no ransomware payload.
Microsoft was already investigating the compromised account when the intrusion was publicly disclosed; the disclosure escalated the situation and let the response team move faster and interrupt the activity.
“Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity. Microsoft does not rely on the secrecy of code as a security measure, and viewing source code does not lead to elevation of risk,” said Microsoft.
The notorious South American hacking group LAPSUS$ had earlier targeted several companies, including NVIDIA, Samsung, Okta, and Ubisoft.
NVIDIA confirmed that its network was breached in a cyberattack that leaked proprietary data and employee login credentials. LAPSUS$ also claimed to possess a GPU driver capable of bypassing the Ethereum mining limiter on NVIDIA’s RTX 3000 graphics cards.
Okta said that an attempt had been made to compromise the account of a third-party customer support engineer working for one of its subprocessors, and that the incident had been investigated and contained.
LAPSUS$ previously went after individual cryptocurrency accounts, draining wallets and funds. More recently the group has diversified its targets and is now attacking telecommunications, higher-education, and government organizations.
Microsoft says that LAPSUS$ exploits the interconnected nature of identities and trust relationships in modern technology ecosystems, seeking out targets whose access it can reuse to pivot into partner or supplier organizations.
Moreover, the group makes little effort to cover its tracks. Instead, it publicly announces its attacks on the companies it compromises.