International teenagers took the risk... 

Microsoft recently confirmed that an account belonging to one of their employees was compromised by the Lapsus$ hacking group, which allowed them to abscond with portions of the company's source code.

Yes, you read that correctly.  Microsoft got hacked.  They now join the latest in a seemingly unending parade of large tech companies to have been hacked by well-organized hackers.

In this case, the attackers made off with a head-spinning 37 GB of data. Most of it was in the form of source code for a wide range of internal Microsoft projects including those for Bing, Cortana, and Bing Maps.


...and got arrested 

On 24 March 2022, seven people aged between 16 and 21 were arrested by the City of London Police in connection to a police investigation into Lapsus$. An alleged prominent member of the group with the pseudonym White was arrested in Oxford, England.

His identity had allegedly previously been disclosed by a former associate, and various groups including research group Unit 221B were reported to have identified him. Two teenage members were charged on 1 April 2022.


Microsoft said this in a public statement

"No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity.

Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk. The tactics DEV-0537 used in this intrusion reflect the tactics and techniques discussed in this blog.

Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact."

An investigation into the matter is ongoing but already the company has assessed its own processes and is making changes to further bolster their security.


Microsoft's recommendation was to do the following

  • Strengthen MFA implementation
  • Require Healthy and Trusted Endpoints
  • Leverage modern authentication options for VPNs
  • Strengthen and monitor your cloud security posture
  • Improve awareness of social engineering attacks
  • Establish operational security processes in response to DEV-0537 (Lapsus$) intrusions


My perspective

No one is safe, but kudos to Microsoft for their transparency here and for publishing specific steps that others can take to help minimize their risks.


And "Yeah Team!" for knocking them over


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this post. I always take into mind that your time and attention are precious. And these posts need to be timely, to the point, and short.

For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter

I am also a published author and speaker on cloud computing, work-at-home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.


Contact me if you would like me to speak to your association