Microsoft confirms cyber attack, source code stolen

Company said that parts of the code for Bing and Cortana were compromised by hacker group

Microsoft has had partial source code pertaining to Bing and Cortana stolen as part of a cyber attack, the company has confirmed.

In a statement, the firm said that it has been "actively tracking a large-scale social engineering and extortion campaign," and has attributed the threat to hacker group Lapsus$.

The statement goes on to detail the activity it has observed from the group, which it refers to as DEV-0537, as well as sharing suggestions on how to safeguard against similar attacks.

Microsoft also speculated what it believes to be the group's motives, including "theft and destruction," and noted that said organisation has targeted other names in other sectors.

"DEV-0537 is known for using a pure extortion and destruction model without deploying ransomware payloads," the blog post read.

It goes on to explain that Lapsus$ likely gained access to organisations via purchasing employee credentials and multi-factor authentication (MFA) approval, using a password stealer, or searching public code for exposed credentials.

While internal resources were compromised in the hack, Microsoft highlighted that "no customer code or data was involved in the observed activities."

Microsoft said it will continue to monitor the group's activities and communicate additional insight as and when it investigates.

The group is also reportedly behind similar cyber attacks on Nvidia and Samsung, as per VGC.

More stories

Miniclip to acquire mobile game developer Sybo

The latest acquisition joins the mobile gaming firm's recent additions which includes Supersonic Software and Eight Pixels

By Jeffrey Rousseau

Zachtronics announces closure

Indie studio to shut up shop by the end of this year

By Danielle Partis

Latest comments

Sign in to contribute

Need an account? Register now.