Exploit: Unauthorized Access
Microsoft: Software Company
Risk to Business: 2.337 = Severe
The Lapsus$ gang has released 37GB of source code that they snatched in a brazen hit on Microsoft’s Azure DevOps server. Microsoft confirmed the incident, saying that the threat actors gained access through a compromised employee account. The source code looks to pertain to various internal Microsoft projects, including for Bing, Cortana and Bing Maps. Microsoft made a blog post about its recent operations to track and potentially interfere with Lapsus$ last week. The company was quick to state, “Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.” Lapsus$ is known to be a ransomware outfit, but no ransom activity was disclosed in this incident
No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Customers’ Business: Source code is a useful asset for cybercriminals that can help them develop new malware and attack techniques.
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.