Lapsus$
Date: 25 March 2022 Tags: Defence & Security
Hacking group Lapsus$ has managed to breach systems of Microsoft, the software major has announced.
Background
Microsoft observed a common thread of tactics being used to break into the affected computer systems.
Details
- Companies such as Nvidia, Samsung, Ubisoft and Okta have also been targeted by the same hacker group.
- Okta initially denied the breach but later acknowledged that close to 366 of its customers were likely impacted.
- Lapsus$, which is based in South America, publicly posts screenshots of stolen data on Twitter and Telegram to announce its hacks.
The group
- Tracked by Microsoft as DEV-0537, the group relies on large-scale social engineering and extortion campaigns against multiple organizations.
- Its targets span government, technology, telecom, media, retail and healthcare. It has also attacked cryptocurrency exchanges.
Hacking of Microsoft
- Lapsus$ broke into Microsoft systems and stole source code for core Microsoft products: Bing, Cortana and Bing Maps.
- Microsoft says no customer data was stolen; only a single account was compromised, which gave the hackers limited access.
Other targets
- The hacking of Okta was particularly worrying because the company provides online authentication services to major players such as FedEx, Cloudflare, T-Mobile and Moody's Corp.
- The group obtained nearly 200GB of Samsung data, including source code for the encryption and biometric unlocking functions on Galaxy devices.
Modus operandi
- The group may have used social engineering, via phishing, to lure individuals into revealing critical personal information.
- The methods include a fake survey that elicits personal details such as a mother's maiden name or date of birth, which are then used to guess passwords or security-question answers.
- They have even paid employees of target organizations for access. In some cases they called an organisation's helpdesk to have a target's credentials reset and gained access that way.
- The hackers may have gained access to corporate networks and applications through private keys retrieved from within Okta.
Protective measures
- Businesses must use Multi-Factor Authentication (MFA) to protect themselves from such attacks.
- They should avoid weaker MFA methods such as text messages, voice approvals and push notifications.
- Employees must be made aware of the group's social engineering techniques and of helpdesk password-reset abuse.