Members of the LAPSUS$ hacker group had limited access to a Microsoft employee’s account for some time. The American hardware and software company confirms in a blog that she was the target of the hacker group. The damage was limited because the tech company had been monitoring the group for a long time.
Microsoft writes that in a blog.
Here’s what you need to know about LAPSUS$
LAPSUS$, also called DEV-0537 by Microsoft, is a hacker group that carries out cyberattacks from South America. The hacker collective initially targeted companies and organizations in the United Kingdom and Latin America. The group has since expanded its scope: in the past few weeks, LAPSUS$ has attacked several government agencies, media companies, telecom companies, and retail and healthcare organizations.
To perform an attack, LAPSUS$ does not use ransomware or other malware. Using compromised credentials or session tokens, the group gains access to computer systems, servers, and other applications. The affected systems usually work with a Virtual Private Network (VPN), Remote Desktop Protocol (RDP) or Virtual Desktop Infrastructure (VDI) from parties such as Citrix and Azure Active Directory. In some cases, the perpetrators took over an employee’s phone number in order to circumvent two-factor authentication. We also call this SIM Swapping.
LAPSUS$ makes many victims
NVIDIA is one of the recent victims of LAPSUS$. The attackers managed to get their hands on employee data and other critical business information. Reportedly, it involved 1 TB of data. To prove that they were in possession of sensitive company information, the hacker group published a number of screenshots on a public Telegram channel.
Another victim of LAPSUS$ is Samsung. The hackers claimed to be able to steal algorithms for all biometric unlock operations and the bootloader source code for all recent Samsung devices. The perpetrators also claim to have stolen the source code for Samsung’s activation servers and the technology to authorize and authenticate Samsung accounts. In total, it would be 190 GB of data. The South Korean tech company has confirmed the attack and said no personal information of employees or consumers was stolen.
Finally, Okta was allegedly hacked by LAPSUS$ earlier this week. The company makes authentication software that is used by thousands of companies worldwide, including Apple and Amazon. A hack could therefore have major consequences. The hacker group posted several images on Telegram Monday evening to prove that they have confidential information in their hands. Cybersecurity experts suspect that the screenshots are authentic. The images seem to suggest that the hackers had access to Okta’s digital environment as early as January.
LAPSUS$ steals (part of) source code from Microsoft products
Microsoft is the latest victim of LAPSUS$. Through a blog, the American hardware and software company says that the hacker group managed to gain access to the company network via an internal account. Microsoft says the damage has been limited because the company has been monitoring the hackers for some time. Thus, the Windows maker was able to intervene in time and recover the hacked account.
No customer data was stolen in the attack. Microsoft acknowledges that portions of the source code have been accessed. According to the company, this does not lead to an increased risk for customers. LAPSUS$ claimed early this week that sharing has stolen the software from the search engine, Bing. Furthermore, the hacker group says parts of the source code of navigation program Bing Maps and speech assistant Cortana have been able to obtain. Microsoft cannot confirm these LAPSUS$ claims.
Update: In a press statement, Okta admits that she was attacked by the LAPSUS$ hackers. According to the initial findings, data has been stolen from about 2.5 percent of the more than 15,000 customers. They have since been informed of the incident. The service is fully operational and customers do not need to take any action, said David Bradbury, Chief Security Officer (CSO) at Okta.
Catch up on more articles here
Follow us on Twitter here