News and Updates on Information Technology

Microsoft confirmed that one of its employees was compromised by the hacking group Lapsus$

Exploit: Unauthorized Access

Microsoft: Software Company

cybersecurity news gauge indicating extreme risk

Risk to Business: 2.337 = Severe

The Lapsus$ gang has released 37GB of source code that they snatched in a brazen hit on Microsoft’s Azure DevOps server. Microsoft confirmed the incident, saying that the threat actors gained access through a compromised employee account. The source code looks to pertain to various internal Microsoft projects, including for Bing, Cortana, and Bing Maps. Microsoft made a blog post about its recent operations to track and potentially interfere with Lapsus$ last week. The company was quick to state, “Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.” Lapsus$ is known to be a ransomware outfit, but no ransom activity was disclosed in this incident.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: Source code is a useful asset for cybercriminals that can help them develop new malware and attack techniques.

Source: bleeping computer