Microsoft released an urgent notice March 22 confirming it has been a target of Lapsus$, a data exfiltration and destruction cybergroup, allegedly led by a 16-year-old.
Lapsus$ also known as DEV-0537, known for using a pure extortion and destruction model, compromised a Microsoft employee's email account, gaining access to its systems and stealing its source code.
No customer code or data was involved in the infiltration.
The attacks have been traced to a 16-year-old Oxford, England, boy, according to a Bloomberg article published March 23.
He was arrested and is alleged to have been the mastermind behind the high-profile attacks that have been known to target government, technology, telecom, media, retail and healthcare sectors.
Microsoft is providing risk mitigation strategies and recommendations to help organizations harden their security against any other potential attacks.