Microsoft investigates potential LAPSUS$ hack | #emailsecurity | #phishing | #ransomware | #hacking | #aihp

Reports from Monday, March 21 brought forward the latest capture of the Lapsus$ extortion group. The extortion group was involved in cutting through some of largest tech companies of the world in the past few months. These include South Korea’s Samsung Electronics Ltd. and the company Nvidia. The hacking group had infamously asked for ransom from Nvidia. Additionally, the controversy surrounding the leak Samsung’s source code of its Galaxy device had also gone on for a while.

The latest reports reveal that Microsoft could be the latest target of the extortion gang. The infiltration seems to surround a screenshot leak comprising sensitive internal data. In a statement, the company confirmed that Lapsus$ had acquired access to their crucial information. Currently, Microsoft is looking into the hacking carried out by the group  involved in hacking Nvidia and Ubisoft. Lapsus$ has not demanded anything from the software giant yet. However, it had previously made some absurd demands for ransom from Nvidia. The demands included asking the company to make them more fitted for mining cryptocurrency.

What did the hacking group exactly leak?

The Lapsus$ group posted a screenshot on Sunday, March 20. The contents of the screenshot showed an internal Microsoft developer account to their Telegram channel. Apparently, the screenshot was from an Azure DevOps account, a product the company offers that enables developers to collaborate on assigned projects.

Moreover, the screenshot also revealed particular projects including “Bing_UX, potentially indicating the user experience to Microsoft’s search engine, Bing. Additionally, “Bing-Source,” referring to access to source code of the search engine, along with its smart assistant, “Cortona.” Alongside, the screenshot also disclosed sections of “mscomdev,” ‘microsoft,” and “msbox.” This could prove that the one taking screenshot, could possible have access to codes too.

Subsequently, the screenshot was deleted a while after its post on the Telegram channel. An administrator of the extortion group’s Telegram channel carried out the deletion. However, they placed a warning saying though it’s “deleted for now,” they will post it again later on.

After the revelation of the screenshot, the software giant confirmed the news to concerned authorities. Reportedly, a spokesperson from Microsoft wrote an email to bodies that enquired about claims. The spokesperson specified that they were aware of the situation and are carrying out an investigation on it,

In the first few weeks of March, the hacking group posted another update on their Telegram channel. Specifically, it stated that they were looking for workers inside companies willing to work with them. Lapsus$ was also looking for employees from Microsoft who would willingly aid them. The group also had a part in breaching the Ministry of Health of Brazil, among other organisations.