CyberNews Briefs

Microsoft Says Lapsus$ Used Employee Account to Steal Source Code

Microsoft has confirmed that the data-extortion gang Lapsus$ was able to hack into its Azure DevOps server. In the same time frame, another victim, an authentication firm named Okta, came forward and confirmed that 2.5% of its customers were affected in its own Lapsus$ attack. Microsoft announced the attack publicly in a blog post published earlier this week. The statement highlights the attack, during which the threat actors were able to obtain limited access to Microsoft project source code repositories. Microsoft stated that no customer code or data was involved in the attack.

One single account was reportedly compromised, however, the threat actors were only able to achieve limited access. Microsoft’s response teams were quick to take action and remediate the compromised account to prevent further activity. Over the weekend, Lapsus$ has claimed to have stolen Microsoft source code including code pertaining to the Bing search engine, Bing Maps, and Cortana voice assistant.

Read More: Microsoft Says Lapsus$ Used Employee Account to Steal Source Code

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.