In a blog post dated March 22, 2022, published hours after Lapsus$ (one of the most prolific hacking groups in the world) posted a file containing partial source code for Bing, Bing Maps, and Cortana, Microsoft revealed that an employee's account was compromised by the hacker group, giving attackers access to Microsoft systems and allowing source code theft.
Microsoft admitted a five-day window between January 16 and 21, 2022, during which an attacker had access to a support engineer's laptop. Do you know how many behavioral anomalies an external attacker, disguised as an employee, can unleash from that employee's laptop in just a few hours?
Many.
Lapsus$ is known for using a pure extortion and destruction model (without deploying ransomware payloads). Their tactics include phone-based social engineering; SIM-swapping to facilitate account takeover; accessing personal email accounts of employees at target organizations; paying employees, suppliers, or business partners of target organizations for access to credentials and Multi-Factor Authentication (MFA) approval; and intruding on the ongoing crisis-communication calls of their targets.
"The social engineering and identity-centric tactics leveraged by Lapsus$ require detection and response processes that are similar to insider risk programs - but also involve short response timeframes needed to deal with malicious external threats"
March 22, 2022 - Microsoft Threat Intelligence Center (MSTIC)