What just happened? The hackers behind recent attacks on Nvidia, Samsung, and Vodafone appear to have successfully compromised another company: Microsoft. The Windows-maker is investigating claims by Lapsus$ that the group gained access to internal Azure DevOps servers and leaked source code for Bing, Cortana, and other projects.
On Sunday, Lapsus$ posted what seemed to be a screenshot of an internal Microsoft developer account to its Telegram channel. Motherboard reports that the Azure DevOps account in question allows developers to collaborate on Microsoft projects, including Bing and Cortana. An administrator for the channel removed the images soon after they were posted, writing, "Deleted for now will repost later."
Bleeping Computer writes that the hackers weren't finished. On Monday, Lapsus$ posted a torrent for a 9GB 7zip archive that contained source code for over 250 Microsoft projects. The group claims the archive featured 90% of the source code for Bing and approximately 45% of the code for Bing Maps and Cortana. The publication writes that even though this was only part of the code, there was around 37GB of uncompressed data in the archive, which security researchers say appears to be legitimate.
The leaked data also included internal emails and documentation related to mobile apps. However, the projects are noted to be for web-based infrastructure, websites, or mobile apps, with no source code for desktop software such as Windows or Office.
Microsoft is the latest company to fall victim to Lapsus$. The group made headlines after leaking 1TB of stolen data from Nvidia that exposed over 70,000 employee account login credentials. It also claims to have used the stolen info to create a tool that can bypass Nvidia's Lite Hash Rate limiter without flashing or updating the firmware on a graphics card, which it offered to potential buyers for $1 million.
The hackers also claimed an attack that leaked 190GB of confidential information from Samsung, including encryption data and source code for the company's most recent devices. Argentinian eCommerce company MercadoLibre/MercadoPago, Portuguese media conglomerate Impresa, and telecoms giant Vodafone are also alleged to have been breached.
Exactly how Lapsus$ is successfully bypassing these companies' security is unknown, though some believe it could be buying off employees; the group has already made it clear that it is willing to pay for access to internal systems.