Lapsus$ Hackers Leak 37GB of Alleged Microsoft Source Code


The hacking group Lapsus$ claims to have leaked the source code for Bing, Cortana and other projects stolen from Microsoft’s internal Azure DevOps server.

Early Sunday morning, the Lapsus$ gang posted a screenshot on their Telegram channel showing that they had hacked into Microsoft’s Azure DevOps server, which contained source code for Bing, Cortana and several other internal projects.

Screenshot of Microsoft’s Azure DevOps account leaked by Lapsus$

On Monday evening, the hacking group posted a torrent for a 9 GB 7zip archive containing the source code of more than 250 projects that they say are from Microsoft.

When posting the torrent, Lapsus$ said it contained 90% of the source code for Bing and about 45% of the code for Bing Maps and Cortana.

While they say only a portion of the source code has been leaked, BleepingComputer is told that the uncompressed archive contains about 37GB of source code that is said to be from Microsoft.

Leaked source code projects

Security researchers who looked into the leaked files told BleepingComputer that they appear to be legitimate Microsoft internal source code.

Furthermore, we were told that some of the leaked projects contained emails and documentation that were clearly used internally by Microsoft engineers to publish mobile apps.

The projects appear to be intended for web-based infrastructure, websites, or mobile apps, with no source code released for Microsoft desktop software, including Windows, Windows Server, and Microsoft Office.

When we contacted Microsoft about tonight’s source code leak, they continued to tell BleepingComputer that they are aware of the claims and are investigating.

Lapsus$ is leaking data left and right

Lapsus$ is a data extortion hacking group that compromises corporate systems to steal source code, customer lists, databases and other valuable data. They then try to extort the victim with ransom demands in exchange for not publicly leaking the data.

In recent months, Lapsus$ has disclosed numerous cyber-attacks targeting large companies, with confirmed attacks on NVIDIA, Samsung, Vodafone, Ubisoft and Mercado Libre.

So far, most attacks have targeted source code repositories, allowing the threat actors to steal sensitive, proprietary data, such as NVIDIA’s lite hash rate (LHR) technology that allows graphics cards to reduce a GPU’s mining capacity.

It is not known how the threat actors penetrate these repositories, but some security researchers believe that they pay company insiders for access.

“From my perspective, they continue to gain access with company insiders,” threat intelligence analyst Tom Malka told BleepingComputer.

This theory is not far-fetched, as Lapsus$ has previously expressed its willingness to buy network access from employees.

Lapsus$ recruits business insiders

It could be more than that, though, as Lapsus$ posted screenshots of their access to what they believe to be Okta’s internal websites. Since Okta is an authentication and identity management platform, if Lapsus$ were to successfully penetrate the company, they could potentially use it as a springboard to the company’s customers.

As for Lapsus$, they have gained a huge following on Telegram, with over 33,000 subscribers on their main channel and over 8,000 on their chat channel.

The extortion group uses their very active Telegram channels to announce new leaks and attacks and to chat with their fans, and they seem to enjoy the notoriety.

With the RaidForums forum for data breaches closed, we’re likely to see many of that site’s regulars now interacting with each other on Lapsus$’s Telegram channels.

For now, we’ll likely see more breaches coming as Lapsus$ and their fans celebrate the data breaches.
