2022-03-21
Microsoft Investigating Lapsus$ Hacking Claims
Microsoft is investigating claims made by the Lapsus$ hacking group that it has compromised Azure DevOps source code repositories. Lapsus$ has previously stolen data from Nvidia, Samsung, Ubisoft, and others. Rather than infecting its targets with malware, Lapsus$ infiltrates networks, steals sensitive data, and attempts to exact ransom payments from its victims.
Editor's Note
The "Lapsus$" group has breached a number of other high-profile targets. The claims should be taken seriously. Today, they also announced a breach of a company associated with Okta and they claimed to be going after Okta customers. Exposed RDP servers are one way Lapsus$ is assumed to breach its targets. The goal is typically extortion.

Johannes Ullrich
While you cannot be certain of being or not being a target of the Lapsus$ group, you can make sure that your cyber hygiene is up to par. Make sure that you’re following best practices for your source code repositories, particularly any which are externally stored. Make sure you are only enabling the minimum access needed, and that authorization/API or other security keys are NOT stored there. If you remove them, make sure they are rotated so that any downloaded or archived copies are not viable. MFA all externally accessible services and make sure there are no undocumented exceptions; keep those to the minimum possible.

Lee Neely
Read more in
Bleeping Computer: Microsoft investigating claims of hacked source code repositories
Cyberscoop: Microsoft investigating hacking group's claims of successful breach
Vice: Microsoft Investigating Claim of Breach by Extortion Gang
The Register: Microsoft investigates after Lapsus$ gang brags of Bing, Cortana code heist