On the very same day that the hacking group Lapsus$ claimed to have stolen large portions of the source code of Bing, including Search and Maps, Microsoft came forward to announce its initial findings about the hack it suffered.

Citing its own team that monitors this kind of activity, Microsoft confirmed that it was hacked through a single compromised account, and said it identifies the group internally as DEV-0537.

Based on the Microsoft Threat Intelligence Center's monitoring of Lapsus$ movements over the past few months, Microsoft believes that the group is dedicated to theft and destruction and that it operates by stealing credentials, probably via successful phishing campaigns (feels weird that I conclude this in 2022).

 

“This week, the actor made public claims that they had gained access to Microsoft and exfiltrated portions of source code. No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity.

Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk. The tactics DEV-0537 used in this intrusion reflect the tactics and techniques discussed in this blog. Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.”

-Microsoft

As always, Microsoft urges people to take advantage of extra security for their systems: don't ignore how weak your password AND your two-factor authentication method may be, as Microsoft itself has served as an example.