DEV-0537 Detection and Hunting

Microsoft Sentinel, Microsoft Corporation

Microsoft Security teams have been actively tracking a large-scale social engineering and extortion campaign against multiple organizations, with some seeing evidence of destructive elements. DEV-0537, also known as LAPSUS$, is known for using a pure extortion and destruction model without deploying ransomware payloads. For more technical and mitigation information, please read the Microsoft Security blog. As Microsoft continues to track DEV-0537’s tactics and techniques, we are also sharing guidance, detections and hunting queries to help our customers better defend against this threat through our security products.

Note: Security Threat Essentials contains security content that is relevant for DEV-0537. Please install the solution to enhance your security posture.
