• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

Microsoft confirms it’s been hacked by the same group that targeted Nvidia, Samsung



Microsoft has confirmed its been victim to a cyber attack and had partial source code for Bing and Cortana stolen, following an earlier claim from hacker group Lapsus$.

In a statement, the corporation confirmed that the group, which Microsoft calls “known for using a pure extortion and destruction model without deploying ransomware payloads”, had compromised “a single account”.

This is the latest in a string of alleged attacks by Lapsus$. Earlier this month we reported that the group had claimed responsibility for a cyber attack on Nvidia.

Then, only a week later, the group claimed to be behind an attack on Samsung which saw a significant amount of data stolen, including algorithms for all biometric tech that Samsung uses across its products.

In a lengthy statement from Microsoft, the company outlined how the attack happened, and its recommendations for increased countermeasures against future attacks. The corporation also stated what it believes are the motivation and goals of Lapsus$ (which Microsoft refers to in the post as DEV-0537).

“Microsoft Threat Intelligence Center (MSTIC) assesses that the objective of DEV-0537 is to gain elevated access through stolen credentials that enable data theft and destructive attacks against a targeted organization, often resulting in extortion. Tactics and objectives indicate this is a cybercriminal actor motivated by theft and destruction,” the blog post reads.

Microsoft has also stressed that while the breach did occur, it believes that “no customer code or data was involved in the observed activities”. It added: “Our investigation has found a single account had been compromised, granting limited access.”

The company concluded by providing recommendations to other corporations that may be targets of the hacker group, including showing a screenshot from a WhatsApp conversation wherein the group cites a list of targets including Apple, EA and more.

“Multifactor authentication (MFA) is one of the primary lines of defence against DEV-0537. While this group attempts to identify gaps in MFA, it remains a critical pillar in identity security for employees, vendors, and other personnel alike”.

Microsoft plans to update this blog post as more information about the attack is uncovered in its internal investigation

Honey Bunny

Hyped for Binbows 11


I cry about SonyGaf from my chair in Redmond, WA
Microsoft has confirmed its been victim to a cyber attack and had partial source code for Bing and Cortana stolen
Seems like the only person in the world using bing was tired of the bugs and wanted to fix the bugs himself.

And listening to sexy cortana while he does it.
Top Bottom