Connect with us

Hi, what are you looking for?

Technology

Microsoft confirms hacking group stole source code via ‘limited access’

In brief: Microsoft has confirmed claims made earlier this week by hacking group Lapsus$ that it was the victim of a cybersecurity incident. Redmond seemingly dismissed the matter as no big deal, noting it was already looking into the issue before the group went public and downplaying the importance of secure source code.

A blog post addressing the matter notes that Microsoft’s investigation uncovered a single account had been compromised, which granted the attacker “limited access.” According to Microsoft, their team was already investigating the compromised account when Lapsus$ publicly disclosed the intrusion.

If you recall, the group released a dump earlier this week containing around 37GB worth of Microsoft data. The haul reportedly included portions of source code for Bing, Bing Maps and Cortana.

Microsoft said it “does not rely on the secrecy of code as a security measure,” adding that viewing source code does not lead to an elevation of risk.

Microsoft also touched on some of the group’s preferred tactics, many of which aren’t all that common among threat actors. Examples include phone-based social engineering, SIM-swapping, accessing personal e-mail accounts and even paying employees, suppliers or business partners of target organizations for access to credentials or multi-factor authentication (MFA) approval.

Redmond additionally provided tips that organizations and individuals can use to protect themselves, including using MFA, avoiding phone-based MFA methods and leveraging passwordless authentication like Windows Hello, Microsoft Authenticator or FIDO tokens.

Advertisement. Scroll to continue reading.

Lapsus$ has been extremely busy this year, having already hit big tech targets including Nvidia, Samsung and Vodafone. Authentication firm Okta has also fallen victim, with the company updating its statement to confirm that around 2.5 percent of its clients have potentially been impacted and whose data may have been viewed or “acted upon.”

Image credit Aktar Hossain

Click to comment

Leave a Reply

Latest

Online Business Success

A representational image. — Geo.tv/Sana Batool Per capita income increased from Rs268,223 in 2020-21 to Rs314,353 in 2021-22. For fiscal year 2021-22, provisional GDP...

Loan And Finance

The $180 billion gaming sector is forecast to be worth over $200 billion by 2023, and its rise has presented a number of revenue...

Top Stories

Asia-based genomics firm Genetica and Web3 data management firm Oasis Labs have partnered to tokenize genomics profiles with the aim to enhance genomics-based precision...

Online Business Success

Sapphire Partner Annalise Dragic Sapphire While women are still underrepresented in leadership roles in venture capital firms, there are signs of progress. Last December,...

Technology

Apple TV+ has held a second premiere for Prehistoric Planet, its “highly anticipated natural history event series” that will be narrated by Sir David...

Top Stories

The crypto job market shows few signs of slowing down despite high profile cases of staff layoffs and hiring freezes across big tech companies. ...

Advertisement

You May Also Like

Uncategorized

Introductions get a lot of attention. I’ve explored the topic of how to write them even though as a reader, I always skip them....

SEO Guide

There are all kinds of pictures of the world on the internet, but to find one of these specific pictures that you want to...

Online Business Success

The internet is now our nervous system. We are constantly streaming and buying and watching and liking, our brains locked into the global information...

Online Business Success

You can think of link building in many ways. I like to call it tedious, painful, and a test of patience. It’s also necessary...

Advertisement