Great article from Brian Krebs regarding LAPSUS$ and the ease with which they obtained VPN creds for almost any entity they targeted. This is a compelling reason for focused behavioural analysis of all remote, successful logins ideally through some form of active service like Managed Detection & Response (MDR) to ensure that your Mean Time To Respond (MTTR) is kept at low as possible. Interested in MDR services, please reach out.
https://krebsonsecurity.com/2022/04/leaked-chats-show-lapsus-stole-t-mobile-source-code/