We gathered the effects of the Lapsus$ Microsoft breach. The South America-based data extortion hacking group Lapsus$ has now made portions of Microsoft’s internal files available online, after allegedly gaining access to the company’s Azure DevOps source code repositories over the weekend.
The group posted a screenshot of Microsoft’s Azure DevOps account on Telegram in recent weeks to demonstrate that they had exploited one of the firm’s servers, which held the source code for Bing, Cortana, and a number of other internal applications.
However, the Lapsus$ collective has published the source code for over 250 Microsoft projects online in a 9GB torrent. According to the group, the torrent contains 90 percent of Bing’s source code and 45 percent of both Bing Maps and Cortana’s source code.
According to Lapsus$, only a portion of Microsoft’s source code was leaked, but security experts who spoke with BleepingComputer believe that the compressed archive includes 37GB of projects. The researchers are now certain that the leaked files are genuine internal source code from the firm after examining the torrent more closely.
Lapsus$ Microsoft breach: Hackers work hard
Some of the leaked projects contain emails and other documentation that was used internally by Microsoft engineers working on mobile apps. The projects appear to be connected to web-based infrastructure, websites, or mobile apps, so it appears that Lapsus$ did not steal source code for Microsoft’s desktop software such as Windows 11, Windows Server, or Microsoft Office.
Besides the recent Microsoft breach, the Lapsus$ group has gained a reputation for successfully attacking Nvidia, Samsung, Vodafone, Ubisoft, Mercado Libre, and Okta in recent months.
While the means by which Lapsus$ has been able to target so many major firms’ source code repositories in such a short period of time is still unknown, some security experts believe the group is paying corporate insiders for access. In fact, in a previous post on its fast-growing Telegram channel, the group claimed it actively seeks out workers and insiders at telecoms, large software and gaming companies, call centers, and dedicated server hosting providers.
Lapsus$ also uses its Telegram channel to disclose new leaks and attacks, as well as for self-promotion. The group has already amassed around 40k followers on the platform, which it also uses to interact with its supporters.
Expect law enforcement agencies and even large organizations like Microsoft to begin taking action to disrupt the Lapsus$ group’s operations before it strikes again, now that it has gained a lot of attention online.