Microsoft Says Lapsus$ Used Employee Account to Steal Source Code
Microsoft has confirmed that the data-extortion gang Lapsus$ was able to hack into its Azure DevOps server. In the same time frame, another victim, an authentication firm named Okta, came forward and confirmed that 2.5% of its customers were affected in its own Lapsus$ attack. Microsoft announced the attack publicly in a blog post published earlier this week. The statement highlights the attack, during which the threat actors were able to obtain limited access to Microsoft project source code repositories. Microsoft stated that no customer code or data was involved in the attack.
One single account was reportedly compromised, however, the threat actors were only able to achieve limited access. Microsoft’s response teams were quick to take action and remediate the compromised account to prevent further activity. Over the weekend, Lapsus$ has claimed to have stolen Microsoft source code including code pertaining to the Bing search engine, Bing Maps, and Cortana voice assistant.