Microsoft admits hacking group Lapsus$ stole source code while Okta also confirms breach
Tech giant Microsoft insists group had only ‘limited access’ but Okta believes 2.5 per cent of customers could be impacted
Microsoft says hacking group Lapsus$ gained "limited access" to its systems but insists that no customer code or data was involved in the breach.
Lapsus$ - which has previously claimed to have hacked the likes of Samsung and Nvidia - said on Sunday that it had compromised a Microsoft employee account and had stolen source code.
The group posted a file which it claimed contains partial source code for Bing and Cortana.
In a blog post on Tuesday, the tech giant confirmed that it had been attacked and issued details on the group's methods - labelling Lapsus$ as a "pure extortion and destruction model".
"This week, the actor made public claims that they had gained access to Microsoft and exfiltrated portions of source code. No customer code or data was involved in the observed activities," the company said.
"Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity.
"Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.
"Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact."
Identity and access management vendor Okta has also been breached by the same group. In a blog post, the company said that approximately 2.5 per cent of its customers had been potentially impacted.
The company - whose customers are among some of the world's biggest companies - added that it has already reached out to those who might have been affected.
Providing analysis of Lapsus$' activity, Microsoft said the group is "unlike" other hackers in that does not cover its tracks - including posting attacks on social media and advertising an intent to buy credentials of employees at the organisations it intends to hack.
The group uses "less frequent" tactics, the vendor added, including phone-based social engineering; SIM-swapping to facilitate account takeover; accessing personal email accounts of employees at target organisations and more.
Microsoft added that its investigation into the recent attack is still ongoing and that it will provide further updates when able to.