On the morning of March 20, the Lapsus$ group used a screenshot posted on Telegram to claim responsibility for the theft of internal Microsoft data. The screenshot was deleted and replaced by a file on March 21. According to BleepingComputer, the information contained in the file appears to come from the American giant.
Microsoft only admits to investigating the issue
In total, 37Gb of files relating to 250 projects have been published. The hacker group says it holds 90% of the source code of the Bing search engine and 45% of that of Bing Maps and Cortana. Windows and Office appear to have been spared.



Source: Telegram
Cybersecurity researchers consulted by BleepingComputer consider the file genuine. They report having found, for certain projects, emails and internal documentation intended for Microsoft engineers. The leak could come from the company's internal Azure DevOps server.
At this time, Microsoft has only said: "We are aware of the claims and are investigating". On Lapsus$'s Telegram account, no ransom demand or claim has been made.
The group, known since the end of 2021, has been particularly active. It obtained apparently genuine data from Nvidia; Samsung and Ubisoft were also affected. The group then uses this information, often confidential, to pressure the victim into paying a ransom in exchange for not publishing it. Lapsus$ demanded that Nvidia unlock its graphics cards for cryptocurrency mining.
In the wake of the disclosure of Microsoft’s documents on March 22, Lapsus$ revealed a new leak, this time affecting Okta. Okta is an authentication and identity management platform used by 15,000 customers around the world to secure access to their networks. Bill Demirkapi, an independent cybersecurity researcher, told Reuters that the published documents are credible.
The extent of the breach remains unknown, but the attack could serve as a springboard to others. One of Okta's security officials, Chris Hollis, said he was investigating the intrusion. He believes that the documents were stolen during a cybersecurity event that occurred in January and has since been resolved: "Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January".
Lapsus$ at the origin of a job offer like no other
The tactics Lapsus$ uses to steal such sensitive documents from such important companies remain unknown to this day. Nevertheless, on March 10, the group took advantage of its success on Telegram (33,000 subscribers) to publish an offer, tagged @lapsusjobs, that is brazen to say the least: paying employees of large companies (Microsoft, Apple, EA and AT&T are named) in exchange for internal access.


A job offer like no other… Source: Telegram
It is difficult to establish whether this is how Lapsus$ goes about embarrassing these large companies or whether it uses more traditional means, such as ransomware. One thing is certain: in just a few months, the group has managed to build a solid reputation that allows it to boast.
