Microsoft is investigating claims made by the Lapsus$ hacking group that it has compromised Azure DevOps source code repositories. Lapsus$ has previously stolen data from Nvidia, Samsung, Ubisoft, and others. Rather than infecting its targets with malware, Lapsus$ infiltrates networks, steals sensitive data, and attempts to exact ransom payments from its victims.
They also announced a breach of a company associated with Okta and claimed to be going after Okta customers. Exposed RDP servers are one way Lapsus$ is assumed to have breached its targets. The goal is typically ransomware.
Source: SANS NewsBites 22nd March, 2022
SIEM solutions and services can detect ransomware attacks.