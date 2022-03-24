

Lapsus$ was responsible.

Microsoft Disclosed Breaches

Microsoft confirmed that its system was compromised by Lapsus$. In a blog post, the company stated that:

“The activity we have observed has been attributed to a threat group that Microsoft tracks as DEV-0537, also known as LAPSUS$. DEV-0537 is known for using a pure extortion and destruction model without deploying ransomware payloads. DEV-0537 started targeting organizations in the United Kingdom and South America but expanded to global targets, including organizations in government, technology, telecom, media, retail, and healthcare sectors. DEV-0537 is also known to take over individual user accounts at cryptocurrency exchanges to drain cryptocurrency holdings.”

The hack was limited and customers are not affected by the breach.

To prevent similar hacks, Microsoft recommended multi-factor authentication for all users and encouraged the use of strong passwords. Passwordless authentication may also be used. As an added layer of authentication, a VPN is highly suggested.

On March 22, Lapsus$ claimed it had breached the company and began to dump files taken in the cyberattack. The group started to distribute a 10GB compressed archive containing internal data on the Bing search engine and Bing Maps, along with source code for Microsoft’s Cortana.

Lapsus$ said in the group’s public chatroom that it had dumped 45% of the Bing and Cortana source and 90% of Bing Maps.

BleepingComputer stated that, once fully extracted, the archive would expand to 37GB and would contain source code for more than 250 projects belonging to Microsoft.

The file dump may expose sensitive data about Microsoft, including information on software certificates, which cybercriminals could exploit further.

The bad actors have already lost access to the company’s systems. One of the group’s members stated in its public chat that it would have been a complete dump, but they were all tired.

The group also claimed that it breached Okta, a company that manages authentication systems for more than 10,000 brands. Companies use Okta to secure their identities.

By retrieving those private keys, the gang might have gained access to corporate applications and networks.

The group said that it didn’t steal Okta’s database; instead, it targeted Okta’s corporate customers.

Okta stated that it had detected an attempt to compromise the account and that the incident was later contained. Okta also stated that there is no evidence of ongoing malicious activity beyond what it detected in January.

Although the hack wasn’t a success, experts are reluctant to dismiss Lapsus$ as an immature cybercriminal group. The tactics it used should prompt those in charge of security to seriously reconsider their defenses.

Lapsus$ gains unlawful access to its targets through social engineering.

“The actors behind DEV-0537 focused their social engineering efforts to gather knowledge about their target’s business operations. Such information includes intimate knowledge about employees, team structures, help desks, crisis response workflows, and supply chain relationships. Examples of these social engineering tactics include spamming a target user with multifactor authentication (MFA) prompts and calling the organization’s help desk to reset a target’s credentials.” (Microsoft)
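As an added example (not code from the original article or from Microsoft), here is a simple detection for the MFA prompt-spamming pattern described above, run over constructed push-notification log lines; the log format, field names and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample MFA push log (not real data). The format is assumed:
# "<ISO-8601 UTC timestamp> user=<name> method=push result=<approved|denied|timeout>"
SAMPLE_LOG = """\
2022-03-22T01:00:05Z user=alice method=push result=denied
2022-03-22T01:00:41Z user=alice method=push result=denied
2022-03-22T01:01:12Z user=alice method=push result=timeout
2022-03-22T01:01:50Z user=alice method=push result=denied
2022-03-22T01:02:30Z user=alice method=push result=approved
2022-03-22T01:03:00Z user=bob method=push result=approved
2022-03-22T03:10:00Z user=carol method=push result=denied
2022-03-22T09:45:00Z user=carol method=push result=denied
"""

def parse_line(line):
    """Split one log line into a dict with a parsed 'ts' datetime."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec

def detect_push_fatigue(log_text, threshold=3, window=timedelta(minutes=10)):
    """Alert on users who rejected or ignored `threshold` or more push prompts
    within `window`. If an approval follows such a burst, the alert is escalated,
    since that is the pattern of a worn-down user finally accepting."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            if rec.get("method") == "push":
                events[rec["user"]].append(rec)
    alerts = []
    for user, recs in events.items():
        recs.sort(key=lambda r: r["ts"])
        unanswered = [r["ts"] for r in recs if r["result"] in ("denied", "timeout")]
        for i, start in enumerate(unanswered):
            burst = [t for t in unanswered[i:] if t - start <= window]
            if len(burst) >= threshold:
                burst_end = burst[-1]
                approved_after = any(
                    r["result"] == "approved" and burst_end < r["ts"] <= burst_end + window
                    for r in recs)
                alerts.append({"user": user, "prompts": len(burst),
                               "severity": "high" if approved_after else "medium"})
                break  # one alert per user is enough to trigger review
    return alerts
```

Running `detect_push_fatigue(SAMPLE_LOG)` flags only alice: four unanswered prompts in under two minutes followed by an approval, which is the case a help desk should call the user about.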
