
Current Affairs

Lapsus$

Date: 25 March 2022 Tags: Defence & Security

Issue

Hacking group Lapsus$ has managed to breach systems of Microsoft, the software major has announced.

 

Background

The firm managed to observe a common thread of tactics being deployed to hack into the computer systems.

 

Details

  • Companies such as Nvidia, Samsung, Ubisoft and Okta have also been targeted by the same hacker group.

  • Okta earlier denied the breach but later acknowledged that close to 366 of its customers were likely impacted.

  • Lapsus$, which is based in South America, publicly posts about its hacks on Twitter and Telegram, using screenshots of stolen data.

 

The group

  • Termed DEV-0537, the group relies on large-scale social engineering and extortion campaigns against multiple organizations.

  • Their targets are government, technology, telecom, media, retail and healthcare. They are also attacking cryptocurrency exchanges.

 

Hacking of Microsoft

  • Lapsus$ hacked into Microsoft's systems and managed to steal source code of core Microsoft products: Bing, Cortana and Bing Maps.

  • The company says that no customer data was stolen and that only a single system was compromised, which gave the hackers only limited access.

 

Other targets

  • The hacking of Okta was particularly worrisome as the company provides online authentication services to major players such as FedEx, Cloudflare, T-Mobile and Moody’s Corp.

  • The group gained access to nearly 200GB of Samsung's data, including the source code for encryption and biometric unlocking functions on Galaxy devices.

 

Modus operandi

  • They may have used social engineering to lure individuals into revealing critical personal information via phishing attacks.

  • The method includes a fake survey that gets people to reveal personal details, such as their mother’s maiden name or date of birth, which are then used to guess passwords or security-question answers.

  • They have even paid employees of target organisations to get access. Sometimes they have called an organisation’s helpdesk to have a target’s credentials reset and so gain access.

  • The hackers may have gained access to corporate networks and applications through private keys retrieved within Okta.

 

Protective measures

  • Businesses must use Multi-Factor Authentication (MFA) to protect themselves from such attacks.

  • They should avoid MFA methods such as text messages, voice approvals and push notifications.

  • Employees must be made aware of social engineering techniques and of helpdesk credential resets being used to gain access.