Microsoft has confirmed that hacker group Lapsus$, which is also responsible for data breaches at Nvidia, Samsung and Okta, has gained limited access to its systems. The company confirmed the breach after the hacker group shared a file this week that reportedly contained partial source code for Bing and Cortana.
“No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity,” Microsoft wrote in a blog post.
Furthermore, the company said that it had been actively tracking the threat group internally known as DEV-0537 or LAPSUS$ for a while now. “Unlike most activity groups that stay under the radar, DEV-0537 doesn’t seem to cover its tracks. They go as far as announcing their attacks on social media or advertising their intent to buy credentials from employees of target organisations,” Microsoft added in the blog post.
Talking about the tactics used by the company, Microsoft said that Lapsus$ uses a combination of phone-based social engineering and SIM-swapping to gather information about targeted individuals and organisations.
“DEV-0537 also uses several tactics that are less frequently used by other threat actors tracked by Microsoft. Their tactics include phone-based social engineering; SIM-swapping to access personal email accounts of employees at target organisations, paying employees, suppliers, or business partners of target organisations for accessing the credentials and multifactor authentication (MFA) approvals.”
The company also found incidents wherein the hacker group gained access to target organisations through recruited employees or business partners. The group even advertised that it wanted to ‘buy credentials for their targets to entice employees or contractors to take part in its operation.’
“The actor has been observed then joining the organization’s crisis communication calls and internal discussion boards (Slack, Teams, conference calls, and others) to understand the incident response workflow and their corresponding response,” the company added.
How to safeguard yourself from such attacks
Microsoft has listed several steps that can be taken to safeguard individual accounts and company data from such hacker groups. The list includes using multi-factor authentication (MFA), using secure implementations such as FIDO Tokens, or Microsoft Authenticator with number matching, using complex and hard-to-guess passwords, and using biometric-based password authentication tools such as Windows Hello. The company also recommends avoiding telephony-based MFA methods to avoid risks associated with SIM-jacking.
The post Microsoft confirms Lapsus$ hacker group breached its systems appeared first on BGR India.
from BGR India https://ift.tt/X8oCltf
via
IFTTT
Comments
Post a Comment
add