Microsoft confirms breach by same hackers that targeted Samsung
According to Microsoft, Lapsus$, also known as DEV-0537, was behind the hack
March 23, 2022 7:04pm
Updated: March 24, 2022 10:13am
Microsoft confirmed on Tuesday that its security system was breached by the same hacker group that hacked Samsung earlier this month.
“This week, the actor made public claims that they had gained access to Microsoft and exfiltrated portions of source code. No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access,” said Microsoft in a statement.
“Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact,” the company added.
According to Microsoft, Lapsus$, also known as DEV-0537, was behind the hack. On Monday, Lapsus$ shared a file containing parts of the source code for Microsoft’s Bing, Bing Maps, and Cortana.
“The activity we have observed has been attributed to a threat group that Microsoft tracks as DEV-0537, also known as LAPSUS$. DEV-0537 is known for using a pure extortion and destruction model without deploying ransomware payloads,” read the statement.
Lapsus$ recently hacked the technology company Nvidia and tried to blackmail it, threatening to leak its data unless it removed cryptocurrency mining from GPUs. The South American hacking group also breached Samsung earlier this month, stealing its Galaxy source code.
“DEV-0537 started targeting organizations in the United Kingdom and South America but expanded to global targets, including organizations in government, technology, telecom, media, retail, and healthcare sectors. DEV-0537 is also known to take over individual user accounts at cryptocurrency exchanges to drain cryptocurrency holdings,” Microsoft added.
Microsoft has not shared any details about how the accounts were compromised. However, the company said it would continue to monitor the hacker group’s activity and strengthen its customer protection.