Microsoft revealed that it was targeted in a hacking incident by a group known as DEV-0537, which is associated with the hacker collective Lapsus$. This group has recently carried out cyberattacks on companies like Okta, Nvidia, Samsung, and Ubisoft.
According to Microsoft Security, Lapsus$ was able to breach a single account and access vital source code from Microsoft products such as Bing and Cortana. The hackers' objective was to gain elevated access through stolen credentials, enabling data theft and potentially destructive attacks against a targeted organization, often involving extortion.
The report stated, “This week, the actor made public claims that they had gained access to Microsoft and exfiltrated portions of source code. No customer code or data was involved. Our investigation found a single compromised account with limited access. Our cybersecurity response teams acted swiftly to address the breach and prevent further malicious activities.”
Microsoft Security has been tracking criminal actor DEV-0537 (LAPSUS$) targeting organizations with data exfiltration and destructive attacks – including Microsoft. Analysis and guidance in our latest blog: https://t.co/gTMXJCoPY5
— Microsoft Security (@msftsecurity) March 22, 2022
Microsoft emphasized that the security of its code does not rely solely on secrecy and that viewing the source code alone does not increase security risk. The tactics employed by DEV-0537 in this breach align with those discussed in Microsoft’s security blog. The team was already investigating the compromised account based on threat intelligence when the hackers publicly disclosed their intrusion. This disclosure prompted immediate action to disrupt the operation and minimize the potential impact.