On Tuesday night (22nd), Microsoft confirmed that the source code of technologies such as Bing and Cortana had been leaked. The Lapsus Group had posted 37GB of data online on Sunday, taken from platforms related to search, language support and maps, after an employee account at the Redmond-based company was compromised.
According to Microsoft's official statement, the compromised account belonged to a contributor on Azure DevOps, the company's software development platform. Through it, the gang obtained the source code of part of the affected solutions and posted it as a torrent file via its Telegram group, which it uses to announce new targets, recruit collaborators, and leak data.
According to the company, the intrusion was limited to a single account and did not affect customer data in the company's solutions or sensitive files belonging to the company itself or its partners. Although the source code is considered confidential, Microsoft believes its availability should not increase the risk of attacks on its infrastructure or on those who use these technologies on a daily basis, since its security teams acted swiftly to shut down the unauthorized access and block further activity.
The information matches what the Lapsus Group itself shared on Sunday with a partial release of the source code of the Microsoft services. The group claims the 37 GB volume contains 90% of the code related to Bing Maps and 45% of the code related to Cortana and the Bing search engine.
Pay close attention to mistakes
Going a step further, the company said it had been monitoring the activities of the Lapsus Group, noting that the cybercriminals' preferred approach is to obtain credentials that give them initial access to a corporate network. That is how the Microsoft hack happened, but the company has not commented on how the attackers obtained the account, whether through phishing, leaked databases, malware, payments to employees or other methods.
The group has used other methods in previous break-ins, however. Microsoft described instances of SIM swapping, interception of two-factor authentication codes, and exploitation of vulnerabilities in infrastructure and software development platforms. Once inside the network, the group looks for accounts with the highest administrative privileges, which allow data exfiltration and access to sensitive information.
Microsoft uses its own breach report to give companies security advice for blunting such attacks. The recommendations include the use of strong multi-factor authentication, increased monitoring of cloud-connected accounts, employee awareness training for social engineering attacks, and processes to prevent unauthorized access to user profiles.
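The recommendation to increase monitoring of cloud-connected accounts is easier to act on with a concrete rule set. The following Python script is an added example, not code from Microsoft or from the article; it runs three simple detections over constructed audit-log events in a hypothetical JSON-lines schema: MFA disabled on an account, a sign-in from an unfamiliar IP shortly after a password reset, and a highly privileged role being granted. The field names, the sample events, the known-IP table and the one-hour window are all assumptions made for the example.

```python
import json
from datetime import datetime, timedelta

# Constructed sample audit events in a hypothetical schema (not any real product's log format).
# The "alice" sequence models a takeover via a support portal: reset, MFA off, new IP, admin role.
SAMPLE_EVENTS = """
{"ts": "2022-03-20T09:00:00Z", "actor": "support-portal", "target": "alice", "action": "password_reset"}
{"ts": "2022-03-20T09:02:00Z", "actor": "support-portal", "target": "alice", "action": "mfa_disabled"}
{"ts": "2022-03-20T09:05:00Z", "actor": "alice", "target": "alice", "action": "login", "ip": "198.51.100.7"}
{"ts": "2022-03-20T09:06:00Z", "actor": "support-portal", "target": "alice", "action": "role_granted", "role": "global_admin"}
{"ts": "2022-03-20T11:00:00Z", "actor": "bob", "target": "bob", "action": "login", "ip": "203.0.113.5"}
{"ts": "2022-03-20T12:00:00Z", "actor": "bob", "target": "bob", "action": "mfa_enrolled"}
"""

# Assumed baseline of IPs each user has signed in from before (in practice, built from history).
KNOWN_IPS = {"alice": {"203.0.113.10"}, "bob": {"203.0.113.5"}}
# A login from a new IP within this window after a password reset is treated as suspicious.
RESET_WINDOW = timedelta(hours=1)
# Roles whose assignment should always be reviewed.
PRIVILEGED_ROLES = {"global_admin", "owner"}


def parse_events(text):
    """Parse JSON lines into dicts with a datetime timestamp, sorted by time."""
    events = []
    for line in text.strip().splitlines():
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect(events, known_ips=KNOWN_IPS):
    """Return a list of (rule, target_user, actor, timestamp) alerts."""
    alerts = []
    last_reset = {}  # target user -> time of the most recent password reset
    for ev in events:
        user, actor, ts = ev["target"], ev["actor"], ev["ts"].isoformat()
        action = ev["action"]
        if action == "password_reset":
            last_reset[user] = ev["ts"]
        elif action == "mfa_disabled":
            # Turning MFA off is rare and should be reviewed regardless of who did it.
            alerts.append(("mfa_disabled", user, actor, ts))
        elif action == "login":
            new_ip = ev.get("ip") not in known_ips.get(user, set())
            recent_reset = user in last_reset and ev["ts"] - last_reset[user] <= RESET_WINDOW
            if new_ip and recent_reset:
                alerts.append(("login_new_ip_after_reset", user, actor, ts))
        elif action == "role_granted" and ev.get("role") in PRIVILEGED_ROLES:
            alerts.append(("privileged_role_granted", user, actor, ts))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

Bob's events produce nothing: his login comes from a known IP with no preceding reset, and enrolling MFA is not a flagged action. Alice's sequence produces three alerts in order, which together are a much stronger signal than any one of them alone; a real deployment would correlate the three on the same target within a short window rather than paging on each.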
Lapsus also leaked data from LG and certification companies
Microsoft wasn't the only company hit by the Lapsus Group this weekend. Hours later, the cybercriminal group also released a document containing tens of thousands of entries from LG, allegedly including hashed employee account credentials, along with screenshots of the internal systems and configuration platform of security and authentication firm Okta, whose services are used by thousands of organizations, governments, and universities around the world.
The company played down the incident, saying the intrusion dated from January. Also on Monday night (22nd), Okta released an update on the case, saying that only 375 customers, or about 2.5% of its base, had been affected by the Lapsus incident, and that none of them needed to take any action.
The Lapsus Group, via Telegram, denied the claims, explaining that its access was through a portal that even allowed it to reset passwords and turn off multi-factor authentication for 95 percent of the company's customers. The gang also pointed to poor password and privacy practices at the identity verification company, including employees exchanging passwords directly with one another over Slack chat, and a lack of engagement with digital security firms that reported vulnerabilities in its systems.
As for LG, little information is available so far; the 88,000 leaked entries correspond to employee logins and accounts registered with the brand's services. Only the names of those affected are visible in the documents, and the cybercriminal group promises to release more information about the company's infrastructure soon.