Microsoft: Lapsus$ Used Employee Account to Steal Source Code

The data-extortion gang got at Microsoft’s Azure DevOps server. Meanwhile, fellow Lapsus$ victim and authentication firm Okta said 2.5 percent of customers were affected in its own Lapsus$ attack.

In a new blog post published last night, Microsoft confirmed that the Lapsus$ extortion group hacked one of its employee’s accounts to get “limited access” to project source code repositories.

“No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity,” Microsoft explained in an advisory about the Lapsus$ threat actors.

Over the weekend and into this week, the gang has publicly claimed to have penetrated Microsoft’s defenses and stolen source code, including code for the company’s Bing search engine, Bing Maps and Cortana voice assistant.

Compromised Azure DevOps Server

On Sunday, the actor announced that it had compromised Microsoft’s Azure DevOps server. Lapsus$ shared a screenshot of what were allegedly Microsoft’s internal source code repositories: leaked files that security researchers said appear to be legitimate internal source code.

LAPSU$ next victim seem to be @Microsoft (?)@SOSIntel

Read More: