Microsoft said in a statement that the group had hacked “a single account” and was “known for adopting a pure extortion and destruction methodology without delivering ransomware payloads.”
This is the latest in a long line of claimed Lapsus$ attacks. The gang claimed credit for a cyberattack on Nvidia earlier this month, as we reported.
The organization then claimed responsibility for an attack on Samsung a week later, in which a large quantity of data was stolen, including algorithms for all biometric technology used by Samsung.
Microsoft released a long statement outlining how the assault occurred and its recommendations for improved safeguards against future attempts. The company also highlighted what it believes are the motivations and objectives of Lapsus$, which Microsoft refers to in the post as DEV-0537.
The goal of DEV-0537, according to the Microsoft Threat Intelligence Center (MSTIC), is to achieve elevated access using stolen credentials, allowing data theft and disruptive attacks against a targeted business, typically culminating in extortion. Its tactics and aims indicate a cybercriminal actor driven by theft and destruction.
Microsoft has also stated that, while the breach did occur, “no customer code or data was involved in the observed actions.” Its investigation found that a single account had been compromised, providing limited access, the company continued.
The company concluded with recommendations for other businesses that could be targeted by the hacker gang, and displayed a screenshot from a WhatsApp discussion in which the group identifies a list of targets that includes Apple, EA, and others.
“One of the key avenues of defense against DEV-0537 is multifactor authentication (MFA). While this organization works to find MFA flaws, it remains a crucial component of identity security for employees, vendors, and other persons.”