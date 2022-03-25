The tech giant is the latest victim of an extortion ring that has already hit Nvidia and Samsung.

Image: Microsoft.

Microsoft confirmed today to have been a victim of a cyber attack by the extortion group called DEV-0537, also known on social media as LAPSUS$, shortly after claiming responsibility for the theft of partial source code from Bing and Cortana. From Redmond they acted quickly and assure in a statement that customer data was not involved in said action.

“This week, [LAPSUS$] claimed to have had access to Microsoft and extracted parts of the source code. No data or code of any client has been involved in the activities observed. Our investigation has found that a single account was compromised, granting limited access,” details the tech giant’s cybersecurity team, stating that they were able to stop the vulnerability soon.

For its part, LAPSUS$ assured on Telegram last weekend that it had access to 90% of the Bing Maps code, and about 45% of the Bing and Cortana code. He did this by sharing a torrent with a compressed size of 9 GB.

Image: Microsoft.

The US corporation’s Microsoft Threat Intelligence Center explains that LAPSUS$ seeks to gain access through stolen credentials capable of enabling data theft and destructive attacks against a targeted organization, often resulting in extortion. “The tactics and the objectives indicate that it is a cybercriminal group motivated by theft and destruction“.

The name of LAPSUS$ is already known in networks. As explained in Xataka, the group of cybercriminals behind the hacks to Nvidia, Samsung and MercadoLibre. Now they have run into Microsoft, which has wanted to be quite transparent providing recommendations to other future victims of the group.

