Once again, the Lapsus$ group is responsible for stealing information from a server of a large company.
After attacking Nvidia, Samsung and Mercado Libre, it is now Microsoft's turn. They seem to always use the same technique: they obtain the login and password of a company employee and use them to enter the company's infrastructure.
The modus operandi is a classic. Sometimes they manage to clone a SIM to receive the SMS code needed to identify themselves; other times they send repeated access requests until the employee gets tired and ends up entering the password they were looking for… No great knowledge of how to hack servers is involved: they use techniques to deceive people and enter through the front door. In addition to social engineering, they use Redline to steal passwords and session tokens, or even pay employees to gain access to companies.
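The repeated-access-request pattern described above leaves a recognizable trace in authentication logs: a burst of rejected or unanswered prompts followed by an approval. The detector below is an added example, not part of the original article; the event schema, the result values, the thresholds and the function name `find_push_fatigue` are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (hypothetical schema): time, user, outcome of an access prompt.
SAMPLE_EVENTS = [
    ("2022-03-20T02:10:05", "alice", "denied"),
    ("2022-03-20T02:10:40", "alice", "timeout"),
    ("2022-03-20T02:11:15", "alice", "denied"),
    ("2022-03-20T02:12:02", "alice", "denied"),
    ("2022-03-20T02:12:50", "alice", "approved"),  # gives in after four failed prompts
    ("2022-03-20T09:00:00", "bob", "denied"),      # one mistaken tap, then a normal login
    ("2022-03-20T09:00:30", "bob", "approved"),
    ("2022-03-20T11:00:00", "carol", "timeout"),
    ("2022-03-20T11:30:00", "carol", "timeout"),
    ("2022-03-20T12:00:00", "carol", "timeout"),
    ("2022-03-20T12:30:00", "carol", "approved"),  # failures too spread out to count
]

def find_push_fatigue(events, min_failures=3, window=timedelta(minutes=10)):
    """Return one alert per approval that was preceded by at least
    `min_failures` denied or unanswered prompts for the same user
    inside `window`."""
    recent = defaultdict(deque)  # user -> timestamps of recent failed prompts
    alerts = []
    for ts_raw, user, result in sorted(events):  # ISO timestamps sort chronologically
        ts = datetime.fromisoformat(ts_raw)
        failed = recent[user]
        # Drop failures that have aged out of the window.
        while failed and ts - failed[0] > window:
            failed.popleft()
        if result in ("denied", "timeout"):
            failed.append(ts)
        elif result == "approved":
            if len(failed) >= min_failures:
                alerts.append({"user": user, "approved_at": ts_raw,
                               "failed_prompts": len(failed)})
            failed.clear()  # a successful login resets the streak
    return alerts

if __name__ == "__main__":
    for alert in find_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

An alert of this kind is a reason to contact the employee and revoke the resulting session; the thresholds should be tuned against how often users normally reject a prompt.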
However much a company invests in firewalls, proxies and advanced systems to keep its systems secure, if there is no deep education about social engineering, there is nothing to be done. It's like fitting your house with security cameras, steel doors and armored windows: if the doorman of the building is fooled, the thief still gets in.
The fact is that this time the Lapsus$ group hacked into Microsoft’s Azure DevOps server and released 37 GB of source code from more than 250 Microsoft projects on Telegram, including 90% of the source code for the Bing search engine, although there is also a large part of Bing Maps and Cortana.
Microsoft has already confirmed it, but reports that it has never relied on code secrecy as a security measure, so there is no “elevated risk.”
The activity we have observed has been attributed to a threat group tracked by Microsoft as DEV-0537, also known as LAPSUS$. DEV-0537 is known for using a pure extortion and destruction model without deploying ransomware payloads.
What can happen now is that projects appear that clone functions from the stolen code, although it is very possible that the code makes calls to functions in the cloud without which it cannot be executed correctly.