Security News > 2022 > March > Microsoft confirms they were hacked by Lapsus$ extortion group
In a new blog post published tonight, Microsoft has confirmed that one of their employee's accounts was compromised by Lapsus$, providing limited access to source code repositories.
"No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity," explained Microsoft in an advisory about the Lapsus$ threat actors.
While Microsoft has not shared how the account was compromised, they provided a general overview of the Lapsus gang's tactics, techniques, and procedures observed across multiple attacks.
Microsoft is tracking the Lapsus$ data extortion group as 'DEV-0537' and says they primarily focus on obtaining compromised credentials for initial access to corporate networks.
Microsoft says they use session replay attacks for accounts that utilize MFA, or continuously trigger MFA notifications until the user becomes tired of them and confirms that the user should be allowed to log in.
The hacking group also uses these credentials to gain access to source code repositories on GitLab, GitHub, and Azure DevOps, as we saw with the attack on Microsoft.