Lapsus$, a hacking group known for breaching Samsung, Nvidia, and other organisations, recently announced that it had successfully hacked Microsoft. The group posted a 37GB archive file online that contained partial source code for Cortana and Bing.
After an investigation, Microsoft conceded on Tuesday that DEV-0537 (the same group under a different name) had attacked a single account and stolen parts of the source code for a few of its products. In a blog post, the company revealed that its investigators had been tracking Lapsus$ for a long time, and detailed some of the methods the group used to gain access to victims' systems.
The Microsoft Threat Intelligence Center (MSTIC) said that the hackers' objective was to gain elevated access using stolen credentials, which would enable data theft and destructive attacks against the targeted organisation, with the aim of extortion. It further said that the code leak was not severe enough to elevate risk, and that Microsoft's response team had shut down the hackers mid-operation.
The hackers publicly announced their intrusion mid-operation, which enabled the response team to interrupt and intervene. Lapsus$ also claimed that it had 45% of the source code for Cortana and Bing as well as 90% of the code for Bing Maps.
In its blog, Microsoft outlined a number of steps that organisations can adopt to improve security, such as multi-factor authentication, educating team members about social engineering attacks, and creating processes for responding to Lapsus$ attacks.