After conducting an investigation, Microsoft on Tuesday confirmed that the hacker group Lapsus$ compromised “a single account” and gained "limited access," presumably to the source code of some of its products.
However, it said that no customer code or data was involved in the observed activities.
Earlier that day, the group posted a file that it says contains parts of the source code for Bing and Cortana, amounting to over 36 GB of data. "Bing Maps is 90 percent complete dump. Bing and Cortana around 45 percent," it said.
Lapsus$, which Microsoft calls DEV-0537, has claimed to have hacked some of the world's largest technology companies, including Nvidia, LG, and Samsung. It also said it gained access to identity-management firm Okta Inc's systems.
We Don't Rely on Secrecy of Code for Security, Says Microsoft
In its blog post Microsoft claimed that its security teams have been actively tracking this "large-scale social engineering and extortion campaign against multiple organizations."
It said that its cybersecurity response teams quickly engaged the hackers mid-breach to shut it down and insisted that the leaked source code is not enough to compromise its applications.
"Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk."Microsoft, Security Blog
Lapsus$ also appears to have shot itself in the foot by publicly disclosing their attack on Microsoft.
"Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact," said Microsoft.
According to Microsoft's investigation, the group uses social engineering to gather knowledge about their target’s business operations. It is also known to pay employees at these organisations or its business partners for access to credentials.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)