Microsoft Breach 2022! Product Source Code Compromised

The hacker group Lapsus$ breached Microsoft and claimed to have compromised the source code of various Microsoft products. The IT giant confirmed the breach, stating that the attacker obtained “limited access” through one account that Lapsus$ had compromised. However, the risk from this Microsoft breach was not high.

The hack came to light after Lapsus$ posted a message on Telegram with a photo showing internal source code that it claimed came from Microsoft servers. Making matters worse, the source code concerned the Bing and Cortana products.

Microsoft Incident Response

Microsoft came forward with details of how Lapsus$ targeted its products and acknowledged the tactics the attack group employed. Even so, the company downplayed the severity of the breach. “No customer code or data was involved in the observed activities,” according to the official Microsoft blog post.

“Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity. Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.”

“Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion,” according to the Microsoft post.

“This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.”

The Lapsus$ group had previously breached Okta, Nvidia, Samsung, and other well-known companies. In the Okta breach, the group may have compromised 366 customers, as their data was misused after the attack. Moreover, it targeted Okta’s support subcontractor and gained unlawful access.

In Nvidia’s case, the group made a ransom demand, asking the company to make its graphics cards much more compatible with crypto mining. Samsung candidly admitted that the Lapsus$ attack compromised 190 gigabytes of sensitive data.

After posting on Telegram about the Microsoft breach, Lapsus$ took down the post and posted a follow-up message: “Deleted for now will repost later.”

Kelly Yeh, President of Microsoft partner company Phalanx, opined that massive companies such as Microsoft are constantly under threat. Judging by Microsoft’s response, Lapsus$ didn’t appear to have compromised much sensitive data belonging to Microsoft customers.

“Still, this shows that even companies with great processes and security systems can be compromised, so vigilance and best practices should be utilized as much as practical,” Yeh said.

David Cox, Vice President of G6 Communications, said that an MSP notifies its staff about the breach and then educates employees on how to respond to clients. “After we evaluate the potential impact on our client’s operations, we work with them to develop a plan to address any concerns they have,” Cox said. “The last thing we do is add it to the long list of events we track.”

He opined that the Lapsus$ hack “is a little different in that it doesn’t directly impact our clients the way the Log4j vulnerability did.”

Who is Lapsus$?

Lapsus$ is one of the latest threat actors. According to Microsoft’s account of the breach, it relies on extortion alone and employs a destruction model devoid of ransomware payloads. It has targeted various high-profile organizations since it emerged. Companies, government departments, and health care offices are Lapsus$’s prey.

The group boldly advertises its hacking intentions, and it dupes help desk staff in order to carry out its attacks. From a faux accent to seemingly harmless inquiries about account security questions, Lapsus$ finds ways to gain entry into the targeted organization.

“Since many organizations outsource their help desk support, this tactic attempts to exploit those supply chain relationships, especially where organizations give their help desk personnel the ability to elevate privileges,” stated Microsoft.

Microsoft Breach Aftermath

Microsoft asked its users to employ Multifactor Authentication (MFA) and fortify their network connections with a Virtual Private Network (VPN). It issued a set of protective instructions meant to pre-empt a potential hack.

The IT giant also asked users to avoid Fast Identity Online (FIDO) tools and instead switch to MFA. In addition, users should avoid text messages and potential weak points such as secondary email IDs.

Lapsus$ is wreaking havoc using legitimate credentials. Hence, it would be wise for security experts to oversee user access under Conditional Access and monitor Azure Active Directory Identity Protection for any potential risks and gaps.

Microsoft also asked employees to watch for unauthorized attendees in incident response communication channels. It would be in everyone’s best interests to perform audio-visual confirmations.
