Current Affairs

Issue

Hacking group Lapsus$ has managed to breach systems of Microsoft, the software major has announced.

 

Background

The firm managed to observe a common thread of tactics being deployed to hack into the computer systems.

 

Details

• Companies such as Nvidia, Samsung, Ubisoft, Okta, etc have also been targeted by the same hacker group.

• Okta earlier denied the breach but later agreed that close to 366 of its customers were likely impacted.

• Lapsus$, which is based in South America, publicly posts about their hacks through screenshots of stolen data from Twitter and Telegram.

 

The group

• Termed DEV-0537, the group relies on large-scale social engineering and extortion campaigns against multiple organizations.

• Their targets are government, technology telecom, media, retail and healthcare. They are also attacking cryptocurrency exchanges.

 

Hacking of Microsoft

• Lapsus$ hacked into the Microsoft systems and managed to steal codes of core Microsoft products Bing, Cortana, and Bing Maps. 

• The company says that no customer data was stolen except a single system, which gave only limited access to the hackers.

 

Other targets

• The hacking of Okta was particularly worrisome as the company provides online authentication services to some of major players such as FedEx, Cloudflare, T-Mobile, and Moody’s Corp etc.

• The group gained access to nearly 200GB of data of Samsung, including the source code for encryption and biometric unlocking functions on Galaxy devices.

 

Modus operandi

• They may have used social engineering to lure individuals into revealing critical personal information via phishing attacks.

• The method include a fake survey revealing personal details such as their mother’s maiden name or date of birth, etc for guessing password or security question.

• They have even paid employees of target organization to get access. Sometimes they have called organisation’s helpdesk to reset a target’s credentials and get access.

• The hackers may have gained access to corporate networks and applications through private keys retrieved within Okta.

 

Protective measures

• Business must utilise Multi-Factor Authentication (MFA) to protect themselves from such attacks.

• They should avoid MFA methods such as text messages, voice approvals and push notifications to protect themselves.

• Awareness must be created among employees regarding the social engineering techniques and helpdesk resetting.