Microsoft in an official blog post revealed that one of its employees’ accounts was hacked, and that’s how the Lapsus$ gang attained the company’s internal data.

Earlier this week, the Lapsus$ gang has leaked the source code of Bing apps, Cortana, and several other applications belonging to Microsoft, through a breached Azure DevOps server. Securing the compromised employee account, Microsoft listed how Lapsus$ works and tips on thwarting it.

Microsoft Falls Prey to Lapsus$

On Sunday morning, the raging Lapsus$ group announced stealing source code data from Microsoft, to which the victim company said it’s investigating the issue. And just yesterday, the Lapsus$ gang shared a torrent link to let everyone download the stolen Microsoft data!

The dump contained source code of various Microsoft applications like Bing Search, Cortana, and Bing Maps, which the Lapsus$ claimed to have obtained from an Azure DevOps server. Now, Microsoft has confirmed that one of its employee’s accounts was compromised, and that’s how the threat actor has obtained this data.

Although Microsoft follows a strict policy of not including critical information (like API keys or credentials) in the source code of any of its projects, leakage of source code can be significantly impact its reputation. Yet, Microsoft said no customer data was involved in this incident.

Further, the company said their cybersecurity teams have quickly responded to this and secured the compromised account. Tracking the Lapsus$ gang as DEV-0537, Microsoft said they’d breach targets’ accounts with compromised credentials.

And this happens either by stealing them through Redline password stealer, purchasing credentials and session tokens from criminal underground forums, or even bribing employees at targeted organizations for their access. Warning organizations to be aware of this cybercrime group, Microsoft noted the following tips of protection;

  • Strengthen MFA implementation
  • Require Healthy and Trusted Endpoints
  • Leverage modern authentication options for VPNs
  • Strengthen and monitor your cloud security posture
  • Improve awareness of social engineering attacks
  • Establish operational security processes in response to DEV-0537 intrusions


Please enter your comment!
Please enter your name here