[Security] Microsoft becomes the third tech giant recently to have confidential material leaked by LAPSUS$

Posted 2022-3-22 13:21
Source: VICE
Original English title: "Microsoft Investigating Claim of Breach by Extortion Gang"

Microsoft is investigating claims that an extortion-focused hacking group that previously compromised massive companies such as Ubisoft and Nvidia has gained access to internal Microsoft systems, according to a statement from the company.

The hacking group, which goes by the self-designated name LAPSUS$, has successfully breached a wave of corporations recently. LAPSUS$ sometimes makes unusual ransom demands of its victims, including asking Nvidia to unlock aspects of its graphics cards to make them more suitable for mining cryptocurrency. The group has so far not made any public demands against Microsoft.

On Sunday, LAPSUS$ posted a screenshot of what appeared to be an internal Microsoft developer account to their Telegram channel. The screenshot appeared to be from an Azure DevOps account, a product that Microsoft offers that allows developers to collaborate on projects. Specific projects shown in the screenshot include “Bing_UX,” potentially referring to the user experience of Microsoft’s Bing search engine; “Bing-Source,” indicating access to the source code of the search engine; and “Cortana,” Microsoft’s smart assistant. Other sections include “mscomdev,” “microsoft,” and “msblox,” indicating whoever took the screenshot may have access to other code repositories as well.

Shortly after posting the screenshot, an administrator of LAPSUS$’s Telegram channel deleted the image.

“Deleted for now will repost later,” they wrote.

On Sunday, a Microsoft spokesperson told Motherboard in an email that “We are aware of the claims and are investigating.”

Earlier this month the group said on its Telegram channel that it was seeking employees inside companies who would be willing to work with them, including Microsoft.

“We recruit employees/insider at the following!!!!,” the group wrote on March 10, followed by a list of sectors such as telecommunications firms, large software or gaming companies, or data hosts. In the message, the group explicitly pointed to Apple, IBM, and Microsoft as companies they would be interested in. “TO NOTE: WE ARE NOT LOOKING FOR DATA, WE ARE LOOKING FOR THE EMPLOYEE TO PROVIDE US A ** OR CITRIX TO THE NETWORK, or some anydesk,” the message added, describing particular ways that the hackers may be able to access target companies’ networks with the rogue employee’s help.

Since December, the group has breached the Ministry of Health of Brazil, a slew of Brazilian and Portuguese companies, and then Nvidia and Samsung in February and March respectively, according to a timeline of LAPSUS$ attacks published by cybersecurity firm Silent Push. The group also seemingly took credit for breaching Ubisoft this month.

During some of its attacks, the group demanded payment in exchange for not leaking internal data it had stolen from the victims. In the NVIDIA case, the hackers demanded that the company open source its GPU drivers and remove a limitation on its 30-series cards around mining Ethereum, The Verge reported at the time. On its Telegram group, LAPSUS$ also claimed that NVIDIA, or someone working on its behalf, hacked back against the attackers and tried in turn to encrypt the stolen material. The group ended up leaking some NVIDIA data as well as data stolen from Samsung.

LAPSUS$ may have also been responsible for hacking gaming giant Electronic Arts, although the hackers didn’t use the LAPSUS$ name until after Motherboard revealed that breach last June. In a later post on an underground forum, a user wrote “the real credits are for LAPSUS$, we will leak a lot more stuff.”

In an email to Motherboard, Stefano De Blasi, cyber threat research analyst at cybersecurity firm Digital Shadows, pointed to two things that make LAPSUS$ different from your common extortion gang. First, the group has never actually deployed ransomware, instead exfiltrating data and using that to blackmail the target. This allows the group to move more stealthily, De Blasi said. De Blasi also pointed to LAPSUS$'s interactive presence on Telegram, and specifically that the group messages with its followers.

Motherboard previously reported that hackers were able to gain access to the contents of MSN, Hotmail, and Outlook users’ email inboxes after abusing access to a customer support portal.