https://www.vice.com/en/article/y3vk9x/microsoft-hacked-lapsus-extortion-investigating
Microsoft is investigating claims that an extortion-focused hacking group that has previously compromised massive companies such as Ubisoft and Nvidia has gained access to internal Microsoft systems, according to a statement from the company.
The hacking group, which goes by the self-designated name LAPSUS$, has successfully breached a wave of corporations recently. LAPSUS$ sometimes makes unusual ransom demands of its victims, including asking Nvidia to unlock aspects of its graphics cards to make them more suitable for mining cryptocurrency. The group has so far not made any public demands against Microsoft.
On Sunday, LAPSUS$ posted a screenshot of what appeared to be an internal Microsoft developer account to their Telegram channel. The screenshot appeared to be from an Azure DevOps account, a product that Microsoft offers that allows developers to collaborate on projects. Specific projects shown in the screenshot include “Bing_UX,” potentially referring to the user experience of Microsoft’s Bing search engine; “Bing-Source,” indicating access to the source code of the search engine; and “Cortana,” Microsoft’s smart assistant. Other sections include “mscomdev,” “microsoft,” and “msblox,” indicating whoever took the screenshot may have access to other code repositories as well.
Shortly after posting the screenshot, an administrator of LAPSUS$’s Telegram channel deleted the image.
“Deleted for now will repost later,” they wrote.
On Sunday, a Microsoft spokesperson told Motherboard in an email that “We are aware of the claims and are investigating.”
Earlier this month the group said on its Telegram channel that it was seeking employees inside companies who would be willing to work with them, including Microsoft.
“We recruit employees/insider at the following!!!!,” the group wrote on March 10, followed by a list of sectors such as telecommunications firms, large software or gaming companies, or data hosts. In the message, the group explicitly pointed to Apple, IBM, and Microsoft as companies they would be interested in. “TO NOTE: WE ARE NOT LOOKING FOR DATA, WE ARE LOOKING FOR THE EMPLOYEE TO PROVIDE US A VPN OR CITRIX TO THE NETWORK, or some anydesk,” the message added, describing particular ways that the hackers may be able to access target companies’ networks with the rogue employee’s help.