Microsoft Threat Intelligence, of the US company, describes LAPSUS$ as seeking to gain access through stolen credentials that enable data theft and destructive attacks against a targeted organization, which usually results in extortion. “Strategies and objectives show that it is a cybercriminal group motivated by theft and also destruction.”
Microsoft confirmed today that it was a target of a cyber attack by the extortion group called DEV-0537, also known on social media as LAPSUS$, shortly after the group claimed responsibility for the theft of partial source code of Bing and Cortana. Redmond acted quickly and gave assurances in a statement that customer data was not involved in this activity.
“Today, [LAPSUS$] claimed to have had access to Microsoft and to have extracted portions of source code. No customer code or data was involved in the observed activities. Our investigation has found that a single account had been compromised, providing limited access,” the tech giant's cybersecurity team details, stating that they can gradually reduce susceptibility.
For its part, LAPSUS$ asserted on Telegram last weekend that it had access to 90% of the Bing Maps code, as well as about 45% of the Bing and Cortana code. It did so by sharing a torrent with a compressed size of 9 GB.
The name LAPSUS$ is already well known online. As Xataka explains, it is the group of cybercriminals behind the hacks of Nvidia, Samsung and MercadoLibre. Now they have run into Microsoft, which has wanted to be quite clear in offering advice to other future victims of the group.
The international cybercrime group Lapsus (LAPSUS$), which raised its profile with the NVIDIA hack, has stolen confidential Galaxy source code from Samsung Electronics and released it online. The data leaked in this case amounts to 190 gigabytes (GB).
Among the data is the source code of programs that implement Galaxy security functions such as biometrics and Knox. If the source code responsible for the Galaxy's security functions has been leaked, is that not a direct security threat to ordinary users?
The assessment of security experts is that a source code leak is not in itself a security threat. However, they advise that if there is a vulnerability in the source code, a fast response is needed, because it can be exploited in an attack.
■ “The design has been released”… Source code disclosure and security threats are separate
The cybercrime group Lapsus disclosed “Samsung's confidential source code” through its Telegram channel on the 5th, and released 190 GB of data through a P2P file-sharing system.
Afterwards, on the 7th, Samsung Electronics also said, “We recently recognized an attempt to steal information externally, immediately put a response system into operation, and confirmed the fact that we were breached by hackers.”
The data leaked from Samsung Electronics is the source code of internal programs applied to the latest Galaxy smartphones. This includes the source code of programs and technologies at the core of Galaxy security features, such as the “security platform Knox”, the “algorithm for unlocking and authorization” and “Samsung Account authentication and authorization”.
Among ordinary Galaxy users, there is concern that this incident could lead to attacks on their personal devices.
Will the devices be breached once the source code is leaked?
The view of Dream Treatment, an information protection company specializing in certification, on this question is that “the disclosure of the source code is not directly associated with a hacking threat,” adding, “If you follow that logic, encryption algorithms that are already public could not be used, but that is not the case.”
Kim Seung-joo, professor at the Korea University Graduate School of Information Protection, said, “If the logic is that disclosed source code is directly connected to hacking, that is not the case for everything released as open source,” adding, “Even if the source code is released, if the code does not have an error, it does not lead to hacking.”
■ “Need to quickly find and patch the vulnerabilities yourself”
Put simply, this incident is similar to a building's design being disclosed. Just because the design is revealed does not mean a thief can break into the building. Whether the building is well equipped with security devices is a more important issue than the disclosure of the design. If the building is well equipped with security devices, the design is of no use to a thief even if he gets his hands on it.
However, once the design is released, a thief can more easily find the points where security is weak. Originally he would have had to go to the building in person and check where the security devices are, but that effort is no longer needed, and the time to analyze the security weak points is shortened. A thief can find out more quickly which passage has no security device and break in through that part.
In this case as well, experts are of the opinion that the vulnerabilities that can be found in the source code need to be addressed.
Professor Kim Seung-joo said, “There may be an error that was not found even though Samsung checked. In general, hackers go through a reversing process in which they infer the source code from the program and then look for vulnerabilities in that source code. If the source code is disclosed, that process can be shortened, so the time needed to analyze vulnerabilities could be reduced.”
“Therefore, it is necessary to strengthen the monitoring system a little more than usual,” he said, adding, “We have to adopt a variety of monitoring systems, including bug bounties, and take measures to find and fix vulnerabilities.”