Microsoft Suffers Major Hack?

Microsoft has allegedly suffered a debilitating hack, compromising sensitive source code from entities such as Bing and Cortana.

By Kristi Eckert | Published

This article is more than 2 years old


Microsoft may be the latest victim in a string of cyber attacks put into motion by notorious South American hacking group Lapsus$. Lapsus$ boasted about their alleged accomplishment by sharing a screenshot of what appear to be files containing Microsoft source code for prominent entities such as Bing and Cortana. Engadget reported that soon after Lapsus$ shared the screenshot, they proceeded to upload a torrent containing 37GB of data.

Tech publication Bleeping Computer further detailed Lapsus$’s activities. According to their information, Lapsus$ was allegedly able to siphon source code for a total of 250 different internal Microsoft projects. Additionally, a large amount of Bing data, totaling 90%, is thought to have been extracted. Almost half of Bing Maps and Cortana’s data is also thought to have been compromised. It remains unclear just how deeply the alleged hack penetrated Microsoft.

Lapsus$’s activities fit their MO. The group operates by targeting high-profile companies, extracting their data, and then asking for ransom funds in exchange for the safe return of their exploited property. The flagrant group has successfully infiltrated the tight security of tech giants like Samsung, Nvidia, and Ubisoft. The proprietary information stolen from Nvidia, for instance, resulted in some of their graphics cards being measurably compromised. Microsoft has yet to officially confirm that they, too, have definitively become the next victim of the cyber attackers’ illegal ploys. However, a spokesperson did say via Engadget that “We are aware of the claims and are investigating.”


Lapsus$’s pursuits do not seem to be slowing down. In addition to Microsoft, identity authentication company Okta has also suffered a close call at the hands of the Lapsus$ cybercriminals. The Wall Street Journal detailed that the hackers were circulating screenshots via various social media platforms. The screenshots seemed to be accurate depictions of internal admin images. However, after a thorough investigation, Okta found that no sensitive data had been compromised.

Unfortunately, though, hacking Okta’s admin systems was likely not a part of Lapsus$’s endgame. The cybercriminals made it clear that their targets were Okta’s highest-tier clientele. This is problematic because Bloomberg News reporter Tiffany Hagler-Gaerd shared with the WSJ that Okta manages over 15,000 client portfolios, many of which belong to high-profile “…multinational companies, universities, and governments.” Still, Okta has maintained that “Based on our investigation to date, there is no evidence of ongoing malicious activity…” and that the screenshots could likely be attributed to a previous incident that occurred in January. Given that questions still loom around Okta’s breach, however, Microsoft should likely make a keen effort to exhaust all of its investigatory efforts.

Attacks executed by ransomware groups such as Lapsus$ against corporate giants like Microsoft are a growing problem that is swiftly becoming more concerning. Microsoft and Okta are just two examples of what amounts to a brigade of cyber onslaughts. At the end of last year, television network behemoth Sinclair Broadcasting suffered at the hands of ransomware attackers. Soon after, nine prominent companies with ties to the US military were simultaneously brought to their knees by a band of malicious hackers. Looking at the internet through a lens such as this suggests that it has truly become the wild west, and the hackers are the dangerous gunslingers that have been let loose to carry out their cataclysmic escapades.