Microsoft confirmed on Tuesday that an attack linked to the Lapsus$ hacking group gained “limited access” to a single account, adding that its security teams were halting the effort.
The revelation comes after the South American hacking group, which has been linked to data breaches at Samsung and Nvidia, said Monday it had hacked into Microsoft and obtained partial source code for Microsoft products Bing, Bing Maps and Cortana. Microsoft said its researchers have been tracking the group, which it calls DEV-0537, for weeks as it attacked the government, technology, telecom, media, retail and healthcare sectors around the world.
“DEV-0537 is known for using a pure extortion and destruction model without deploying ransomware payloads,” according to a blog post Tuesday from the Microsoft Threat Intelligence Center. “DEV-0537 has also been known to take over individual user accounts at cryptocurrency exchanges to get rid of cryptocurrency holdings.”
Microsoft said the group’s tactics include phone-based social engineering, SIM swapping, and paying employees and suppliers at targeted organizations for access to credentials. Lapsus$ doesn’t appear to be hiding its activity, Microsoft said, adding that the hackers go so far as to advertise credentials and use social media to announce their attacks.
“Our team was already investigating the compromised account based on threat intelligence when the actor made his intrusion public,” the blog post read. “This public disclosure escalated our action allowing our team to step in and interrupt the actor midway through surgery, limiting its broader impact.”
The attack came at a time when data breaches across all industries were on the rise. According to a report by the Identity Theft Resource Center, data breaches rose 68% year over year in 2021 to the highest total ever.
DEV-0537 also claimed responsibility for an attempted data breach in January at identity authentication giant Okta. However, Okta CEO Todd McKinnon said Tuesday that the January event was “withheld” and there has been no evidence of continued malicious activity since then.
This post, “Microsoft Says Lapsus$ Hackers Got ‘Restricted Access’ To One Account”, was originally published at “https://www.cnet.com/tech/services-and-software/microsoft-says-lapsus-hackers-gained-limited-access-to-a-single-account/#ftag=CAD590a51e”