Microsoft may be the latest victim of Lapsus$

News
By Anthony Spadafora
published

Hacker group claims to have stolen the source code for Cortana and several Bing projects

Hacker
(Image credit: ozrimoz / Shutterstock)

The South American-based data extortion hacking group Lapsus$ has allegedly gained access to Microsoft's Azure DevOps source code repositories and stolen data from the company.

Unlike other cybercriminal groups which deploy ransomware on the devices of their victims, Lapsus$ instead prefers to target the source code repositories of large tech companies. After stealing their proprietary data, the group then tries to ransom it back to the companies themselves for millions of dollars.

TechRadar needs yo...

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.

>> Click here to start the survey in a new window <<

Although it's still unclear as to whether or not these ransom attempts have paid off yet, Lapsus$ has made a name for itself over the past few months by successfully attacking Nvidia, Samsung, Vodafone, Ubisoft and Mercado Libre.

Now though, it seems the group has stepped up its efforts by going after Microsoft and according to BleepingComputer, the software giant is currently in the process of investigating Lapsus$'s claims that it stole the company's source code.

Internal source code repositories

The Lapsus$ group recently announced that they had hacked Microsoft's Azure DevOps server by posting a screenshot of the company's internal source code repositories on Telegram.

The screenshot itself showed a picture of an Azure DevOps repository that contained the source code for Cortana along with several other Bing projects such as Bing_STC-SV, Bing_Test_Agile and Bing_UK. 

Surprisingly, Lapsus$ didn't obscure the initials “IS” in the screenshot, perhaps as a way to let Microsoft know the identity of the compromised account of one of its employees. However, the initials could also indicate that the group was taunting the software giant as it's done with previous victims including Nvidia.

Read More

> Hackers threaten to turn every Nvidia GPU into a Bitcoin mining machine

> Nvidia hackers hit Samsung and leak huge data dump

> Ubisoft fans need to change their passwords now

While Lapsus$ took down their post fairly quickly, it was still up for long enough for security researchers to save it and share it online. Microsoft has yet to confirm if their Azure DevOps account was breached by the group but the company is aware of the group's claims and is currently investigating them.

Unlike with their recent attack on Nvidia where code-signing certificates obtained by Lapsus$ were used by other cybercriminals to distribute malware, Microsoft's threat model assumes that attackers already understand how their software works. The software giant uses an inner source approach where open source software development best practices and an open source-like culture model make source code viewable within the company. As such, Microsoft doesn't rely on the secrecy of source code for the security of its products.

We'll likely hear more from Microsoft regarding the potential breach once the company finishes conducting its investigation into the Lapsus$ group's claims.

Via BleepingComputer

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.