'Single account' compromise led to Microsoft's Lapsus$ code leak

By
Follow google news

Attackers were interrupted mid-operation.

Microsoft has gone public over how the hackers that work under the Lapsus$ moniker got access to its systems.

'Single account' compromise led to Microsoft's Lapsus$ code leak

Over the weekend, the hackers posted and deleted screenshots on Telegram that suggested they’d accessed code for Cortana and Bing.

In a blog post outlining Microsoft’s analysis of Lapsus$' techniques, Microsoft said it managed to interrupt the attackers.

“Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion," the post states.

“This public disclosure escalated our action, allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact."

The attack did not result in any widespread compromise, Microsoft said.

“Our investigation has found a single account had been compromised, granting limited access.

"Our cyber security response teams quickly engaged to remediate the compromised account and prevent further activity."

Similar to its response to previous code leaks, Microsoft added that having code viewed by outsiders is no longer the catastrophe it might once have been.

“Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk”, the post continued.

Add iTnews as your trusted source

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

JB Hi-Fi Group finds new cyber security leader

JB Hi-Fi Group finds new cyber security leader

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases

Toll Group puts third-party risk at centre of AI-era data security

Toll Group puts third-party risk at centre of AI-era data security

How Monash University is tackling the AI-driven app security gap

How Monash University is tackling the AI-driven app security gap

Log In

  |  Forgot your password?