Apple Leads Singles’ Day Smartphone Sales as iPhone 17 Demand Surges 
Baidu Cuts Jobs as AI Competition and Ad Revenue Slump Intensify 
AI-Guided Drones Transform Ukraine’s Battlefield Strategy 
Australia Releases New National AI Plan, Opts for Existing Laws to Manage Risks 
Nexperia Urges China Division to Resume Chip Production as Supply Risks Mount 
Sam Altman Reportedly Explored Funding for Rocket Venture in Potential Challenge to SpaceX 
Apple Alerts EU Regulators That Apple Ads and Maps Meet DMA Gatekeeper Thresholds 
OpenAI Moves to Acquire Neptune as It Expands AI Training Capabilities 
Intel Boosts Malaysia Operations with Additional RM860 Million Investment 
Wikipedia Pushes for AI Licensing Deals as Jimmy Wales Calls for Fair Compensation 
Norway’s Wealth Fund Backs Shareholder Push for Microsoft Human-Rights Risk Report 
TSMC Accuses Former Executive of Leaking Trade Secrets as Taiwan Prosecutors Launch Investigation 
Senate Sets December 8 Vote on Trump’s NASA Nominee Jared Isaacman 
YouTube Agrees to Follow Australia’s New Under-16 Social Media Ban 
Coupang Apologizes After Massive Data Breach Affecting 33.7 Million Users 
Samsung Launches Galaxy Z TriFold to Elevate Its Position in the Foldable Smartphone Market 
Microsoft confirmed it has been tracking the Lapsus$ hacker group and released a set of recommendations for its customers on how to mitigate risks of being the next target. The company also confirmed that the group has gained “limited access” to some source codes of its products, but maintained that no customer code or data were involved in the cyber breach.
In a lengthy blog post published on Tuesday, Microsoft confirmed it has been actively monitoring the activities of the group, which it officially named DEV-0537. The tech giant noted that Lapsus$, per Microsoft’s observations in recent weeks, has employed social engineering and extortion campaigns against its targets.
Microsoft took note of the group’s claims of gaining access to its server, resulting in “exfiltrated portions of source code.” But the company assured its customers that their data and codes remain safe.
“No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access,” the company said. “Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.”
Microsoft confirmed the incident a couple of days after Lapsus$ had reportedly leaked the source code for Microsoft’s software products, including Bing and Cortana. Bleeping Computer reported that the group shared a screenshot on their Telegram channel on Sunday to prove it had accessed Microsoft’s Azure DevOps server.
Lapsus$ released 9GB worth of files on late Monday, which they claimed to be containing the source code of more than 250 Microsoft projects. The same report, however, noted that uncompressed files included around 37GB of source code from the company.
Meanwhile, Microsoft warned its customers and other companies that Lapsus$ had been openly recruiting employees of potential targets who would give them credentials and multifactor authentication details in exchange for money.
The company noted that the hacker group has been using a common form of social engineering attack. They reportedly use a compromised account that they would then bombard with MFA prompts before calling the target company’s IT help desk to request for the credentials to be reset. Before Microsoft, Lapsus$ made headlines after reportedly targeting Nvidia, Samsung, and Ubisoft.
Photo by Aktar Hossain on Unsplash
