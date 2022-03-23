In the recent past, a hacker group that goes by the name Lapsus$ has targeted a lot of companies. At first, there were reports about how the hacker group targetted Nvidia and obtained data about other companies as well. Now, the same group seems to have hacked Microsoft as the company itself acknowledged the security breach and has provided information on the same.

An official security post published by Microsoft on March 22, 2022, reads, "the activity we have observed has been attributed to a threat group that Microsoft tracks as DEV-0537, also known as LAPSUS$. DEV-0537 is known for using a pure extortion and destruction model without deploying ransomware payloads." Adding to it, the post says "DEV-0537 started targeting organizations in the United Kingdom and South America but expanded to global targets, including organizations in government, technology, telecom, media, retail and healthcare sectors."

LAPSUS$ extortion group has released source code to Bing, Bing Maps, and Microsoft Cortana.



They state that each release is incomplete (not the entire source code). — vx-underground (@vxunderground) March 22, 2022

The creator of Windows has confirmed that the Lapsus$ group comprised one account and gained access to parts of source code for some of Microsoft's products. However, Microsoft says that the code that has been leaked is not crucial and would not cause an elevated risk. Additionally, the Redmond-based company also says that its security team ceased the illegitimate access as soon as they became aware of it.

On the other hand, the attacked group claims that it has about 45% code for Microsoft's search engine Bing and the voice assistant Cortana. Further, it has also obtained about 90% code for Bing Maps. It is worth mentioning that this is the same group that hacked graphics card manufacturers Nvidia obtained data about several other companies including Ubisoft and Samsung. Microsoft is the latest target of the Lapsus$ group.

According to a report by The Verge, a group allegedly representing Lapsus$ took responsibility for the Ubisoft hack on their Telegram channel. The hacker group replied with a smirk to someone who shared the link of the report published by the publication. This seems to be the second hack by Lapsus$ in recent time, and it is not known whether the group will target other companies in the future or not.

Image: UNSPLASH