The Lapsus$ cybercriminal collective has been making headlines in recent weeks. After several high-profile attacks, the security community is turning its gaze toward this new threat actor and its techniques.

The Okta incident also reveals some details of their techniques. Microsoft has now published an in-depth blog post detailing the activities it has observed associated to DEV-0537, its reference name for Lapsus$. Cybersecurity blog Krebs on Security has a deeper dive into some of the group’s activities, confirming several of Microsoft’s findings.