Hackers Release Alleged Microsoft Code After Huge Attack
The hacker group that claimed responsibility for a number of recent security breaches, including those targeting Samsung and NVIDIA, is apparently at it again. This time around, the focus of the group, which goes by the name Lapsus$, is Microsoft, and the hacker collective claims to have made off with some important source code after its most recent security breach. As BleepingComputer reports, over the weekend Lapsus$ shared an image on its Telegram account that suggested it had gained access to one of Microsoft's Azure DevOps accounts. Now, just a couple of days later, the group is releasing the source code it claims to have acquired through this security breach.
Even without confirmation of all the data Lapsus$ has in its possession, claims the group made off with source code for Microsoft projects has to be worrying for the big M. While the company simply tells BleepingComputer that it's still investigating the group's claims, those who have started the process of going through the leaked data seem to be confirming it does contain Microsoft source code and internal documentation.
What this alleged Microsoft data dump includes
According to BleepingComputer, the first torrent Lapsus$ published as part of this data dump includes a 9GB compressed archive containing around half of the source code for Bing Maps and Cortana, and almost all of the source code – around 90% – for Bing. Apparently, Lapsus$ made off with 37GB of uncompressed source code, with some security experts saying the data contained in this compressed archive does indeed seem to be Microsoft's internal code. One security researcher, Tom Malka, even tells BleepingComputer that he thinks Lapsus$ is being granted access to these internal systems by paying off employees, which would make for quite the caper.
Citing Soufiane Tahiri on Twitter, PCMag reports that Lapsus$ has lost access to that Azure DevOps account, with the group claiming it would have been a "complete dump" with continued access. In all, the group claims to have obtained source code from more than 250 projects, but it'll take time for security researchers to dig through the leaked data and confirm what's there.
Any way you want to slice it, this is probably not great for Microsoft, and it seems Lapsus$ has no intention of slowing down with its corporate breaches. We'll see what the company says when its investigation into the matter is complete, but if the group's boasting is accurate, then there's a lot of Microsoft source code suddenly floating around out there.