This week, the hacking group Lapsus$, infamous for claiming to have hacked Samsung, Nvidia, and more, claimed it had even hacked Microsoft. The group posted a claimed file containing partial source code for Cortana and Bing in an archive holding nearly 37GB of data.
After investigating, the global tech giant confirmed the group that it has named DEV-0537 infiltrated ‘a single account’ and stole parts of source code for some of its products. In a blog post on its security site, Microsoft investigators said they had been tracking the Lapsus$ group for weeks and detailed some of their techniques to compromise victims’ systems. According to the Microsoft Threat Intelligence Center (MSTIC), the objective of the DEV-0537 hackers was to gain elevated access through stolen credentials that would enable data theft and destructive attacks against a targeted organization, often resulting in extortion. The objectives and tactics indicated a cybercriminal actor motivated by robbery and destruction.
Microsoft claims that the leaked code is not severe enough to cause an elevation of risk, and the firm’s response teams shut down the hackers’ mid-operation.
If the statements are to be believed, then Lapsus$ has been on a tear lately. The international hacker group says it’s had access to data from Okta, Samsung, Nvidia, Ubisoft, and now Microsoft.