After allegedly gaining access to Microsoft’s Azure DevOps source code repositories over the weekend, the South American-based data extortion hacking group Lapsus $ has now made some of the company’s internal files available online.
In a recent post on Telegram, the group shared a screenshot of Microsoft’s Azure DevOps account to show that they had hacked one of the company’s servers which contained the source code for Bing, Cortana and a number of other internal projects.
Now though, Lapsus $ has made the source code for over 250 Microsoft projects available online in a 9GB torrent. According to the group, the torrent itself contains 90 percent of the source code for Bing and 45 percent of the source code for both Bing Maps and Cortana.
While Lapsus $ says that they only leaked some of Microsoft’s source code, security researchers that spoke with BleepingComputer say that the uncompressed archive actually contains 37GB of projects. After examining the contents of the torrent more closely, the security researchers are confident that the leaked files are legitimate internal source code from the company.
Paying for access
In addition to internal source code, some of the leaked projects contain emails and other documentation that was used internally by Microsoft engineers working on mobile apps. The projects themselves all appear to be related to web-based infrastructure, websites or mobile apps and at this time, it seems that Lapsus $ did not steal any source code for Microsoft’s desktop software such as Windows 11, Windows Server and Microsoft Office.
Microsoft may be the latest victim but over the past few months, the Lapsus $ group has made a name for itself by successfully attacking Nvidia, Samsung, Vodafone, Ubisoft and Mercado Libre.
While it’s still unknown as to how the group has managed to target the source code repositories of so many big companies in such a short time, some security researchers believe Lapsus $ is paying corporate insiders for access. In fact, in a previous post on its fast-growing Telegram channel, the group said that it actively recruits employees and insiders at telecoms, large software and gaming companies, call centers and dedicated server hosting providers.
Besides recruitment, Lapsus $ also uses its Telegram channel to announce new leaks and attacks as well as for self-promotion. The group has already amassed close to 40k subscribers on the platform which it even uses to chat with its fans.
Now that the Lapsus $ group has gained a great deal of online notoriety, expect law enforcement agencies and even large companies like Microsoft to begin taking action to disrupt its activities before it strikes again.