Microsoft confirmed that hacking group ‘Lapsus$’ compromised a “single account” and accessed partial source code for Bing and Cortana.
The company confirmed the breach in a blog post and detailed what Lapsus$ — or ‘DEV-0537’ as Microsoft calls the group — got from the breach. According to Microsoft, no customer code or data was involved. The company says that Lapsus$ only compromised one account, and Microsoft’s security teams responded quickly to remediate the account and prevent further activity.
Moreover, Microsoft said that it doesn’t rely on the secrecy of source code as a security tool. In other words, Microsoft assumes attackers will access source code, and so relies on other tools to protect itself. The company made a similar remark following the massive SolarWinds breach in 2020.
Lapsus$ claimed it got access to around 45 percent of the code for Bing and Cortana, as well as some 90 percent of code for Bing Maps.
The Verge notes that the Lapsus$ group claimed to be behind several recent security attacks and said it stole data from Okta, Samsung, Ubisoft, and Nvidia. While some of the companies have admitted data was stolen, Okta refuted the group’s claims and said its service hadn’t been breached.
Microsoft wrapped up its blog post by outlining steps organizations can take to improve security, especially in regard to Lapsus$. The company described the Lapsus$ attack pattern as gaining “access through stolen credentials that enable data theft and destructive attacks against a targeted organization, often resulting in extortion.”
With that in mind, Microsoft suggests organizations require employees to use multi-factor authentication, or MFA (also called two-factor authentication, or 2FA). MFA involves using multiple methods of authenticating users, such as passwords combined with a one-time passcode (OTP) sent via email, SMS, or through an authentication app. Of the three, Microsoft recommends using a dedicated authentication app to avoid vulnerabilities with email or SMS OTP codes, such as SIM swap attacks commonly used to intercept these codes.