Microsoft Confirms LAPSUS$ Hacking Group Given ‘Limited Access’ During Strike

CC0 / / Cybercrime
Cybercrime - Sputnik International, 1920, 23.03.2022
In 2021, the Biden administration issued a new security guidance meant to combat the effects of cyberattacks after several industries came under ransomware attacks that year. The measures included keeping backups offline, testing incident response plans, hiring third party “pen testers” to test security and segmenting networks, among other efforts.
Microsoft has confirmed that it is investigating a breach of its internal servers by the hacking group known as LAPSUS$, which the tech giant described as one that “doesn’t seem to cover its tracks.”
The company detailed in a late Tuesday release that the hacking group had compromised a “single account,” while also indicating that Microsoft had been tracking the group’s activity for several weeks.
“Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity. Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk,” reads a blog post issued by Microsoft.
“Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.”
The public disclosure referenced by Microsoft is the group’s earlier move to share an image on its Telegram account that showed it had gained access to a Microsoft Azure DevOps account, a collaborative developer platform Microsoft employees use.
The screenshot shows access to “Bing_UX,” “Bing-Source,” “Bing-STC-SV” and “Cortana,” among others. Potentially indicating that the user gained access to other Microsoft projects as well, the image also showed sections for “mscomdev,” “microsoft” and “msblox.”
According to Vice, the image was quickly deleted by one of the group’s Telegram administrators, with the promise to repost it soon.
LAPSUS$ is a relative newcomer to the hacking group scene. It first made waves in December 2021 when it breached the servers of several Brazilian and Portuguese companies, as well as the Ministry of Health of Brazil.
However, in 2022, the group made bigger headlines by leaking data from tech giants Nvidia, Samsung and possibly Ubisoft.
According to reports, the group usually asks for payment in exchange for not leaking data, usually in the form of bitcoin. However, in the case of the Nvidia hack, the group demanded that Nvidia open-source its video drivers to make it easier to mine cryptocurrencies like Ethereum using the company’s 30-series of video cards.
Nvidia intentionally limited the cards’ cryptocurrency mining capabilities in hopes of driving down the costs for gamers and other users. At the time, cryptocurrency miners were blamed for increasing video card prices, as miners were buying the cards in bulk for mining farms.
Unlike many hacking extortion groups, LAPSUS$ does not incorporate ransomware. Instead, they blackmail companies with the threat of public exposure.
Ransomware is a technique used to extort businesses and individuals. Files on a server are cryptographically locked by the group which then demands payment, usually in the form of cryptocurrency, in order to unlock the files. Oftentimes the demand comes with a timer after which the price will either increase or the files will be deleted or leaked.
Ransomware has some drawbacks as the cryptographic keys to unlock the files have to be stored somewhere, and giving them to the victim opens up the possibility of being tracked. Keys can also be stored on other hacked websites but if that website’s owner finds the breach before the victim pays the ransom, the keys could be lost forever, effectively making paying the ransom less attractive since there is no guarantee of success.
In a March 10 Telegram post, LAPSUS$ stated that it is recruiting rogue employees, specifically pointing to IBM, Apple and Microsoft. They say they aren’t interested in data troves but instead want employee usernames and passwords to access company networks.
The latest comes years after Microsoft suffered a leak in 2020 that resulted in the source code for Windows XP and other early software being posted on
Let's stay in touch no matter what! Follow our Telegram channel to get all the latest news:
To participate in the discussion
log in or register
Заголовок открываемого материала