Last night, after an investigation, Microsoft determined that it had experienced a hacking attempt from an entity codenamed DEV-0537. This entity has been identified by hacker collective Lapsus$, the group that recently conducted hack attacks on tech companies like Okta, Nvidia, Samsung, and Ubisoft.
According to the report from Microsoft Security, Lapsus$ had managed to compromise a single account, stealing several pieces of important source code from Microsoft products like Bing and Cortana. The report explains that “the objective of DEV-0537 actors is to gain elevated access through stolen credentials that enable data theft and destructive attacks against a targeted organization, often resulting in extortion. Tactics and objectives indicate this is a cybercriminal actor motivated by theft and destruction.”
“This week, the actor made public claims that they had gained access to Microsoft and exfiltrated portions of source code,” the report continues. “No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity.”
Microsoft Security has been tracking criminal actor DEV-0537 (LAPSUS$) targeting organizations with data exfiltration and destructive attacks – including Microsoft. Analysis and guidance in our latest blog: https://t.co/gTMXJCoPY5
— Microsoft Security (@msftsecurity) March 22, 2022
“Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk. The tactics DEV-0537 used in this intrusion reflect the tactics and techniques discussed in this blog. Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.”