The South American-based data extortion hacking group Lapsus$ (opens in new tab) has allegedly gained access to Microsoft's Azure DevOps source code repositories and stolen data from the company.
Unlike other cybercriminal groups which deploy ransomware (opens in new tab) on the devices of their victims, Lapsus$ instead prefers to target the source code repositories of large tech companies. After stealing their proprietary data, the group then tries to ransom it back to the companies themselves for millions of dollars.
Although it's still unclear as to whether or not these ransom attempts have paid off yet, Lapsus$ has made a name for itself over the past few months by successfully attacking Nvidia (opens in new tab), Samsung (opens in new tab), Vodafone (opens in new tab), Ubisoft (opens in new tab) and Mercado Libre (opens in new tab).
Now though, it seems the group has stepped up its efforts by going after Microsoft and according to BleepingComputer (opens in new tab), the software giant is currently in the process of investigating Lapsus$'s claims that it stole the company's source code.
Internal source code repositories
The Lapsus$ group recently announced that they had hacked Microsoft's Azure DevOps server by posting a screenshot of the company's internal source code repositories on Telegram (opens in new tab).
The screenshot itself showed a picture of an Azure DevOps repository that contained the source code for Cortana (opens in new tab) along with several other Bing (opens in new tab) projects such as Bing_STC-SV, Bing_Test_Agile and Bing_UK.
Surprisingly, Lapsus$ didn't obscure the initials “IS” in the screenshot, perhaps as a way to let Microsoft know the identity of the compromised account of one of its employees. However, the initials could also indicate that the group was taunting the software giant as it's done with previous victims including Nvidia.
> Hackers threaten to turn every Nvidia GPU into a Bitcoin mining machine (opens in new tab)
> Nvidia hackers hit Samsung and leak huge data dump (opens in new tab)
> Ubisoft fans need to change their passwords now (opens in new tab)
While Lapsus$ took down their post fairly quickly, it was still up for long enough for security researchers to save it and share it online. Microsoft has yet to confirm if their Azure DevOps account was breached by the group but the company is aware of the group's claims and is currently investigating them.
Unlike with their recent attack on Nvidia where code-signing certificates obtained by Lapsus$ were used by other cybercriminals to distribute malware (opens in new tab), Microsoft's threat model assumes that attackers already understand how their software works. The software giant uses an inner source approach where open source software (opens in new tab) development best practices and an open source-like culture model make source code viewable within the company. As such, Microsoft doesn't rely on the secrecy of source code for the security of its products.
We'll likely hear more from Microsoft regarding the potential breach once the company finishes conducting its investigation into the Lapsus$ group's claims.
- We've also highlighted the best endpoint protection software (opens in new tab) and the best firewall (opens in new tab)
Via BleepingComputer (opens in new tab)