Microsoft admits being hacked; claims nothing at risk

Washington: Tech giant Microsoft Corp admitted that the hacker group Lapsus$ breached its systems but had "limited access". Lapsus$ had recently claimed that they hacked Microsoft and obtained source code for the latter's search engine, Bing, and Cortana voice assistant, Bloomberg reported.

In a blog post on Tuesday, Microsoft said that it had been monitoring Lapsus$'s activities, which it alleged is a "large-scale social engineering and extortion campaign". It observed Lapsus$ for some weeks, it said and detailed the methods of the Lapsus$ attacks in the blog post.

Microsoft said their investigation found that only a single account had been compromised. Their cybersecurity response has acted immediately and stopped further activities in the compromised account. Microsoft does not rely on the secrecy of the source code as a security measure, and someone accessing it does not lead to severe risk.

The blog post further said that Microsoft had designated the hacker's team as DEV-0537. It noted that Lapsus$ has been expanding the geographical area of its targets, including government organizations, tech, telecom and healthcare sectors. Also, the hacker team is known for hijacking cryptocurrency accounts, it said. It said that unlike most of the hacking groups, Lapsus$ does not cover its tracks. They announce their attacks on social media or advertise their intentions to buy credentials from employees of target organizations, Microsoft said.

Earlier, Lapsus$ had hacked the cybersecurity defences of Nvidia Corp. and Samsung Electronics Co. It had claimed earlier this week that it won access to the system privileges of Okta, a San Fransisco based company. The latter claim has significance since Okta manages user authentication services for thousands of corporate clients. Through its Telegram channel, it also claimed that it had breached more companies, including the employee accounts of LG Electronincs Inc.