After reportedly gaining access to Microsoft’s Azure DevOps source code repositories over the weekend, South American data extortion hacking group Lapsus$ has now made some of the company’s internal files available online.
In a recent post on Telegram, the group shared a screenshot of Microsoft’s Azure DevOps account to show that they hacked into one of the company’s servers that contained source code for Bing, Cortana and a number of other internal projects.
Now, however, Lapsus$ has made the source code for more than 250 Microsoft projects available online in a 9GB torrent. According to the group, the torrent itself contains 90 percent of the source code for Bing and 45 percent of the source code for both Bing Maps and Cortana.
While Lapsus$ says they’ve only leaked some of Microsoft’s source code, security researchers who spoke to BleepingComputer say the uncompressed archive actually contains 37GB of projects. After further investigating the contents of the torrent, security researchers are convinced that the leaked files are legitimate internal source code of the company.
Pay for access
In addition to internal source code, some of the leaked projects contained emails and other documentation used internally by Microsoft engineers working on mobile apps. The projects themselves all appear to be related to web-based infrastructure, websites or mobile apps and at this point it appears that Lapsus$ has not stolen source code for Microsoft’s desktop software such as Windows 11, Windows Server and Microsoft Office.
Microsoft may be the latest victim, but in recent months the Lapsus$ group has made a name for itself by successfully attacking Nvidia, Samsung, Vodafone, Ubisoft and Mercado Libre.
While it’s still unknown how the group managed to target the source code repositories of so many large companies in such a short time, some security researchers believe that Lapsus$ pays corporate insiders for access. In fact, in a previous post on the burgeoning Telegram channel, the group said it is actively recruiting employees and insiders from telecom, major software and gaming companies, call centers and dedicated server hosting providers.
In addition to recruiting, Lapsus$ also uses its Telegram channel to announce new leaks and attacks and for self-promotion. The group has already amassed nearly 40k subscribers on the platform that it even uses to chat with its fans.
Now that the Lapsus$ group has gained a lot of notoriety online, expect law enforcement and even major corporations like Microsoft to take steps to disrupt its operations before it strikes again.