Microsoft Investigating Lapsus$ Hacking Claims
Microsoft is investigating claims made by the Lapsus$ hacking group that it has compromised Azure DevOps source code repositories. Lapsus$ has previously stolen data from Nvidia, Samsung, Ubisoft, and others. Rather than infecting its targets with malware, Lapsus$ infiltrates networks, steals sensitive data, and attempts to exact ransom payments from its victims.
The "Lapsus$" group has breached a number of other high-profile targets, so the claims should be taken seriously. Today, they also announced a breach of a company associated with Okta, and they claimed to be going after Okta customers. Exposed RDP servers are one way Lapsus$ is assumed to breach its targets. The goal is typically extortion.
While you cannot be certain whether or not you are a target of the Lapsus$ group, you can make sure that your cyber hygiene is up to par. Make sure that you're following best practices for your source code repositories, particularly any that are externally hosted. Grant only the minimum access needed, and make sure that authorization, API, or other security keys are NOT stored in the repository. If you remove such keys, rotate them as well, so that any downloaded or archived copies of the repository are no longer usable. Require MFA on all externally accessible services, make sure there are no undocumented exceptions, and keep any documented exceptions to the minimum possible.
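The advice above boils down to a repeatable check: before code is pushed to an externally hosted repository, scan it for credentials, and treat anything found as already exposed (rotate it, since removing it from the working tree does not remove it from history). The following is an added illustration of such a check, not code from the original article or from any of the vendors mentioned. The detection rules are constructed heuristics (a well-known AWS-style key prefix, a private-key header, and a generic `key = value` assignment filtered by Shannon entropy to skip placeholders), and the sample configuration text is constructed for the example; the AWS key value is the documented public example key, not a real credential.

```python
"""Pre-push secret scan: flag credentials committed to a source repository.

Added example with constructed rules and sample input; not the article's code.
"""
import math
import os
import re
from collections import Counter

# Constructed heuristic rules. Real scanners carry hundreds of such patterns;
# these three are enough to show the mechanism.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"
    ),
    # name = "value"  where name looks credential-like; group 2 is the value
    "generic_assignment": re.compile(
        r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]?"
        r"([A-Za-z0-9/+_\-]{16,})"
    ),
}


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character; low values mean 'changeme'-style placeholders."""
    counts = Counter(value)
    n = len(value)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def scan_text(text: str, path: str = "<inline>", entropy_threshold: float = 3.5):
    """Return a list of findings: {'path', 'line', 'rule'} for each hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                candidate = match.group(2) if match.lastindex else match.group(0)
                # Generic assignments only count when the value looks random;
                # low-entropy values are usually placeholders, not secrets.
                if rule == "generic_assignment" and shannon_entropy(candidate) < entropy_threshold:
                    continue
                findings.append({"path": path, "line": lineno, "rule": rule})
    return findings


def scan_tree(root: str):
    """Walk a checkout and scan every readable text file (skips .git metadata)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "r", encoding="utf-8", errors="strict") as fh:
                    findings.extend(scan_text(fh.read(), full))
            except (UnicodeDecodeError, OSError):
                continue  # binary or unreadable file; skip
    return findings


# Constructed sample: what a leaked config file might look like.
SAMPLE_CONFIG = """\
AWS_ACCESS_KEY_ID = AKIAIOSFODNN7EXAMPLE
api_key = "q7Zx9PmL2vT8nR4kW1yB6c"
password = "aaaaaaaaaaaaaaaaaaaa"
-----BEGIN RSA PRIVATE KEY-----
log_level = "debug"
"""


def has_secrets(text: str) -> bool:
    """True if any rule fires; suitable as a pre-push gate."""
    return bool(scan_text(text))


if __name__ == "__main__":
    for f in scan_text(SAMPLE_CONFIG, "config.ini"):
        print(f"{f['path']}:{f['line']}: {f['rule']}")
    # Exit non-zero so a git hook refuses the push when something is found.
    raise SystemExit(1 if has_secrets(SAMPLE_CONFIG) else 0)
```

Wired into a `pre-push` hook and pointed at `scan_tree(".")`, this blocks a push that carries a credential. On the sample text it reports three findings (the AWS key, the high-entropy `api_key`, and the private-key header) and skips the all-`a` placeholder password. Anything it reports in a repository that has already been pushed should be treated as compromised and rotated, exactly as the advice above says.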
Read more in Bleeping Computer: Microsoft investigating claims of hacked source code repositories