After terrorising Nvidia and Samsung in the last few weeks, the Lapsus$ hacking group has struck Microsoft and leaked the source code for Bing, Cortana and other internal Microsoft projects from the Azure DevOps server.
On Sunday, the group posted a screenshot on their Telegram channel, hinting that they had got into Microsoft’s DevOps server containing source code for the aforementioned projects. By Monday night, the group had posted a torrent for a 9 GB 7Zip archive containing the source code of over 250 projects that they claim come from Microsoft.
The torrent contains source code for Bing, Bing Maps and Cortana. The group claims that the Bing Maps dump is about 90% complete, and Bing and Cortana are about 45%.
Update [23/03/2022]: Microsoft has confirmed that it was hacked by Lapsus$ after the latter published source code from over 250 Microsoft projects. DEV-0537, Microsoft’s internal name for Lapsus$, compromised a single account and stole parts of the source code.
Microsoft says the leaked source code isn’t enough to cause an elevation of risk and that its security teams shut out the attackers mid-operation. Lapsus$ also reported that it was only able to steal around 45% of the code for Bing and Cortana and 90% of the code for Bing Maps.
The company also published an analysis on its security site saying that it has been tracking Lapsus$ for weeks, including details of some of the methods the group uses to attack targets. According to the Microsoft Threat Intelligence Centre (MSTIC), DEV-0537 aims to gain elevated access using stolen credentials and then steals data or launches “destructive attacks” against a targeted organisation.
Lapsus$ strikes again
While Lapsus$ claims they’ve only leaked some source code, BleepingComputer reports that the uncompressed archive has about 37GB of source code allegedly belonging to Microsoft. Security researchers who have had a chance to look at the source code say it seems to be legitimate. Microsoft says it is aware of what happened and is currently investigating.
Microsoft being hacked, however, might be the first of many upcoming hacks. Shortly after posting the torrent containing Microsoft’s source code, the group also posted screenshots from their access to an Okta admin panel.
The group claimed that they did not access or steal any data from Okta and their focus was only on Okta customers, meaning the platform’s hack can be used as a starting point for further attacks.
Lapsus$ is a data extortion group that’s been quite active lately. Just this month, the group hacked Nvidia and leaked source code for their drivers, demanding that Nvidia make it open source. Following the Nvidia attack, the group also hacked Samsung and leaked around 190GB of data from the company, including some source code from their Galaxy smartphones.
Someone who writes/edits/shoots/hosts all things tech and, when he’s not, streams himself racing virtual cars. You can reach out to Yadullah or follow him on Instagram or Twitter.