‘Single account’ compromise led to Microsoft’s Lapsus$ code leak

Attackers were interrupted mid-operation.

Microsoft has gone public over how the hackers that work under the Lapsus$ moniker got access to its systems.

Over the weekend, the hackers posted and deleted screenshots on Telegram that suggested they’d accessed code for Cortana and Bing.

In a blog post outlining Microsoft’s analysis of Lapsus$’ techniques, Microsoft said it managed to interrupt the attackers.

“Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion,” the post states.

“This public disclosure escalated our action, allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.”ADVERTISING

The attack did not result in any widespread compromise, Microsoft said.

“Our investigation has found a single account had been compromised, granting limited access.

“Our cyber security response teams quickly engaged to remediate the compromised account and prevent further activity.”

Similar to its response to previous code leaks, Microsoft added that having code viewed by outsiders is no longer the catastrophe it might once have been.

“Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk”, the post continued.