Microsoft admits to being hacked by hacker group LAPSUS$

Yesterday, the South American hacker group LAPSUS$ announced that it had penetrated Microsoft’s internal development environment and stolen the source code of some product lines. The affected product lines are mainly Microsoft Bing Search, Bing Maps, and Microsoft Cortana. The decompressed data package is 13GB in size, but its potential value is not high.
At that time, security researchers speculated that Microsoft had discovered the attack and defended against it; otherwise the hackers would have continued to lurk and steal data. Microsoft’s latest security blog post confirms this, saying the company had detected the related threats before the hackers released the data.
The latest investigation report was jointly released by the Microsoft Threat Intelligence Center (MSTIC), the Detection and Response Team (DART), and the Microsoft 365 Defender Threat Intelligence Team. Microsoft has dubbed the hacking group DEV-0537 and says the group focuses purely on extortion and sabotage rather than on deploying crypto-ransomware.
DEV-0537 publicly posted on social media that it wanted to buy the internal accounts of large enterprises and was willing to pay for them. Researchers explain:

In some cases, DEV-0537 first targeted and compromised an individual’s personal or private (non-work-related) accounts giving them access to then look for additional credentials that could be used to gain access to corporate systems. Given that employees typically use these personal accounts or numbers as their second-factor authentication or password recovery, the group would often use this access to reset passwords and complete account recovery actions.

If the target’s internal network is successfully compromised, DEV-0537 will also search for unpatched software vulnerabilities on internal servers in order to escalate its privileges.
The Microsoft security team also admitted at the end of the blog post that the company was indeed hacked by this group, and said that the leaked data did not contain customer code or data. Microsoft said it had detected the threat before the hacking group released the data, and an investigation found that accounts had been compromised, granting the attackers limited access. Microsoft said the company does not rely on keeping source code secret to ensure security, so these source code and data leaks will not have any impact on Microsoft.
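
The account-recovery abuse described in the researchers' quote above leaves a recognizable sequence in identity logs: a password reset completed through a personal recovery channel, followed shortly by a sign-in from an address the account has not used before. The sketch below is an added example, not from Microsoft's report; the event fields, channel names and sample events are constructed assumptions, not a real log schema.

```python
from datetime import datetime, timedelta

# Constructed sample events (documentation IP ranges, made-up users).
EVENTS = [
    {"ts": "2022-03-01T09:00:00", "user": "alice", "action": "sign_in", "ip": "198.51.100.10"},
    {"ts": "2022-03-03T02:11:00", "user": "alice", "action": "password_reset",
     "channel": "personal_email", "ip": "203.0.113.77"},
    {"ts": "2022-03-03T02:19:00", "user": "alice", "action": "sign_in", "ip": "203.0.113.77"},
    {"ts": "2022-03-01T08:00:00", "user": "bob", "action": "sign_in", "ip": "198.51.100.20"},
    {"ts": "2022-03-04T10:00:00", "user": "bob", "action": "password_reset",
     "channel": "helpdesk", "ip": "198.51.100.20"},
    {"ts": "2022-03-04T10:03:00", "user": "bob", "action": "sign_in", "ip": "192.0.2.5"},
    {"ts": "2022-03-01T07:00:00", "user": "carol", "action": "sign_in", "ip": "198.51.100.30"},
    {"ts": "2022-03-05T12:00:00", "user": "carol", "action": "password_reset",
     "channel": "personal_phone", "ip": "198.51.100.30"},
    {"ts": "2022-03-05T12:02:00", "user": "carol", "action": "sign_in", "ip": "198.51.100.30"},
]

# Recovery channels outside corporate control (assumed labels).
PERSONAL_CHANNELS = {"personal_email", "personal_phone"}

def find_suspicious_recoveries(events, window=timedelta(hours=1)):
    """Flag sign-ins from a never-seen IP shortly after a personal-channel reset."""
    seen_ips = {}   # user -> IPs used in earlier sign-ins
    pending = {}    # user -> time of latest personal-channel reset
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        user, ts = ev["user"], datetime.fromisoformat(ev["ts"])
        known = seen_ips.setdefault(user, set())
        if ev["action"] == "password_reset":
            if ev.get("channel") in PERSONAL_CHANNELS:
                pending[user] = ts
        elif ev["action"] == "sign_in":
            reset_ts = pending.get(user)
            if reset_ts is not None and ts - reset_ts > window:
                pending.pop(user)          # reset is too old to correlate
            elif reset_ts is not None and ev["ip"] not in known:
                alerts.append({"user": user, "reset_at": reset_ts.isoformat(),
                               "sign_in_ip": ev["ip"]})
            known.add(ev["ip"])
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_recoveries(EVENTS):
        print(alert)
```

Only the sequence is flagged, not the reset or the sign-in on its own, since each event by itself looks like normal user behavior.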

Microsoft makes the following recommendations for businesses:

DEV-0537 leverages legitimate credentials to perform malicious actions against customers. Since these credentials are legitimate, some activity performed might seem consistent with standard user behavior. Use the following recommendations to improve your cloud security posture: