Lapsus$ attacks again, this time it’s Microsoft

Microsoft confirmed that an account belonging to one of its employees had been compromised by the Lapsus$ hacking group, which let the group access and steal parts of the tech giant’s source code. On the 21st of March 2022, the well-known gang of threat actors released 37GB of source code stolen from Microsoft’s Azure DevOps server. The source code belonged to various internal Microsoft projects, including Bing, Cortana and Bing Maps.

Microsoft responded to this incident by stating:

“No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity.”

“Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk. The tactics DEV-0537 used in this intrusion reflect the tactics and techniques discussed in this blog.”

“Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.”

Microsoft has also provided a general overview of the gang’s aims and its tactics, techniques and procedures (TTPs), based on observing and studying many of its attacks. It stated that a number of methods were used to obtain credentials in the corporate network. Microsoft recommends that organizations take the following steps to protect against such attacks:

  • Strengthen MFA implementation
  • Require Healthy and Trusted Endpoints
  • Leverage modern authentication options for VPNs
  • Strengthen and monitor your cloud security posture
  • Improve awareness of social engineering attacks

The group has recently launched numerous attacks against enterprises, including NVIDIA, Samsung, Vodafone, Ubisoft, Mercado Libre, and now Microsoft.


