Continuing its string of high-profile attacks, Lapsus$ may have hacked Microsoft’s code repositories.
As BleepingComputer points out, Lapsus$ operates differently than many ransomware gangs. Rather than targeting a company’s desktop machines and servers, holding them for a ransom, Lapsus$ targets companies’ code repositories. Once the group has compromised a repository, it demands a ransom in exchange for not releasing the company’s source code and intellectual property (IP) to the world.
According to BleepingComputer, the group claims it has successfully compromised Microsoft’s source code repositories, specifically its Azure DevOps server. Microsoft has not been able to confirm the claims, but is investigating to see if they are true.
We will continue to monitor this story and report on any additional details.