Yet Another Intrusion Into Microsoft’s Internal Systems

Jun 22, 2023

The cybercriminal team that claims to have hacked Microsoft has begun dumping files from the alleged hack. The same team, which recently infiltrated Nvidia, has released a screenshot implying that the hackers obtained access to Bing’s source code as well. The Lapsus$ hacker group claims to have stolen source code for Bing, Cortana, and other Microsoft projects from the Azure DevOps server.

The Lapsus$ group posted a screenshot to their Telegram channel early Sunday morning, claiming to have hacked Microsoft’s Azure DevOps server, which contained source code for Bing, Cortana, and other internal projects. On Monday night, the hacker group released a torrent for a 9 GB 7zip package containing the source code for over 250 Microsoft-related projects. Lapsus$ claimed in the torrent post that the package comprises 90 percent of the source code for Bing and about 45 percent of the code for Bing Maps and Cortana.

Although the group claims that a portion of the source code was leaked, BleepingComputer has learned that the uncompressed download comprises around 37 GB of allegedly Microsoft source code. According to security specialists who examined the leaked files, they appear to be real internal Microsoft source code. Furthermore, several of the leaked projects are said to contain emails and documentation that were clearly used internally by Microsoft engineers to launch mobile apps.

Lapsus$ is a data extortion hacking group that infiltrates company networks in order to steal source code, customer lists, databases, and other sensitive information. They then try to extort money from the victim in exchange for not leaking the data publicly. Lapsus$ has disclosed multiple attacks on prominent corporations in recent months, including confirmed attacks against NVIDIA, Samsung, Vodafone, Ubisoft, and Mercado Libre.

The projects appear to be for web-based infrastructure, websites, or mobile apps, and there is no source code for Microsoft desktop software, such as Windows, Windows Server, or Microsoft Office. When approached about the source code breach, Microsoft stated that they are aware of the allegations and are looking into it. This notion is plausible, considering Lapsus$ has already said that they are willing to purchase staff network access.

However, Lapsus$ uploaded screenshots of their access to Okta’s internal webpages, implying that it may be more. Because Okta is an authentication and identity management platform, a successful breach of it could give Lapsus$ a path to the company’s customers.

The majority of the cyberattacks have so far focused on source code repositories, allowing threat actors to obtain sensitive, proprietary information like NVIDIA’s light hash rate (LHR) technology, which allows graphics cards to lower their mining capacity. The tactics used by threat actors to get access to these repositories are unknown; however, some security researchers believe they are paying insiders.

Lapsus$, on the other hand, has a sizable Telegram following, with over 33,000 subscribers on their main channel and over 8,000 on their chat channel. The extortion group uses its extremely busy Telegram channels to announce fresh leaks and attacks and to communicate with its admirers, and it appears to be enjoying the attention.

Many of the regulars from the RaidForums data breach forum are likely to be conversing in Lapsus$’s Telegram channels now that the forum has been shut down. For the time being, further breaches are likely to occur as Lapsus$ and its admirers rejoice over the data disclosures.