Microsoft announced in March 2022 that LAPSUS$, a highly active group credited with hacking into other major tech companies like Nvidia, Samsung, T-Mobile, Uber, Globant, and Rockstar Games, had breached their Microsoft Azure DevOps Team.
Although Microsoft did not specifically state that they were aware of or willing to disclose the specifics of how an employee’s account had been compromised, they did note that LAPSUS$ has a reputation for making their intentions known, frequently announcing their desire to buy login credentials from malicious actors or disgruntled employees.
The source code for Bing, Bing Maps, Cortana, as well as numerous Azure Subscription keys, private RSA keys, and key credential pairs, were ultimately exposed as a result of this breach.
Rather than installing ransomware to capitalize on a breach, LAPSUS$ prefers that businesses pay for the return or destruction of data, to avoid facing the consequences of having the data leaked online.
Microsoft could have done more to prevent this breach by ensuring employee accounts are better secured. It is paramount that employees in critical DevOps roles dealing with critical source code use best practices and integrate security testing and other activities into the development process. Furthermore, effective use of two-factor authentication would have made it more challenging for attackers to gain access to employee accounts.