LAPSUS$ Ransomware (aka DEV-0537) is a new and emerging ransomware group that has successfully attacked major conglomerates. Like most ransomware groups, LAPSUS$ infiltrates organizations through phishing. From there, the group exploits privilege-escalation vulnerabilities to obtain administrative rights and then openly shows off what it has gained. The LAPSUS$ threat group has allegedly breached Okta. This news comes in the same week in which the group announced its infiltration of Microsoft’s Azure DevOps. If the shared screenshots are genuine, LAPSUS$ has had access to Microsoft’s internal source-code repositories.
The gang has previously (allegedly) compromised NVIDIA, Samsung, Vodafone, Mercado Libre, and Ubisoft.
Microsoft confirmed this leak in an advisory:
“This week, the actor made public claims that they had gained access to Microsoft and exfiltrated portions of source code. No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity.” reads the post published by Microsoft. “Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.”
The TTPs (Tactics, Techniques, and Procedures) of the group are: