blog

Some Microsoft’s Source Code Was Stolen By Hacker Group

Written by Securafy Team | Apr 19, 2022 3:00:00 PM

Microsoft recently confirmed that an account belonging to one of their employees was compromised by the Lapsus$ hacking group, which allowed them to abscond with portions of the company's source code.

Yes, you read that correctly.  Microsoft got hacked.  They now join the latest in a seemingly unending parade of large tech companies to have been hacked by well-organized hackers.

In this case, the attackers made off with a head-spinning 37 GB of data. Most of it was in the form of source code for a wide range of internal Microsoft projects including those for Bing, Cortana, and Bing Maps.

The company had this to say about the incident:

"No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity.

Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk. The tactics DEV-0537 used in this intrusion reflect the tactics and techniques discussed in this blog.

Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact."

An investigation into the matter is ongoing but already the company has assessed its own processes and is making changes to further bolster their security.

They recommend doing the following:

  • Strengthen MFA implementation
  • Require Healthy and Trusted Endpoints
  • Leverage modern authentication options for VPNs
  • Strengthen and monitor your cloud security posture
  • Improve awareness of social engineering attacks
  • Establish operational security processes in response to DEV-0537 (Lapsus$) intrusions

No one is safe, but kudos to Microsoft for their transparency here and for publishing specific steps that others can take to help minimize their risks.