Microsoft Confirms Breach by Lapsus Hacker Group
Targeted Attacks Using Credential Theft Phishing Lures
Microsoft Threat Intelligence has identified highly targeted social engineering attacks using credential theft phishing lures sent as emails. These lures impersonate legitimate organizations and request users to click on a link that leads to a malicious website. If users enter their credentials on the fake website, their information is stolen and used to access their Microsoft accounts.
State-Backed Hack on Microsoft Systems
In a separate incident, the Microsoft security team detected a nation-state attack on its corporate systems on January 12, 2024. The team immediately activated its response protocols and is currently investigating the extent of the breach. Microsoft has not yet released any information about the identity of the attackers or the specific systems that were compromised.
Comments