After apparently gaining access to Microsoft's Azure DevOps source code repositories over the weekend, South America-based data extortion hacking outfit Lapsus€ has now released certain of the device's internal files free shopping online.
In a recent post on Telegram, the group shared a screenshot of Microsoft's Azure DevOps account to show that they had hacked into one of the company's servers that contained source code for Bing, Cortana, and other internal projects.
Now, however, Lapsus€ has made the source code of more than two hundred and fifty Microsoft projects available online in a nine GB torrent. As a whole, the torrent itself contains ninety percent of the Bing source code and forty-five percent of the Bing, Bing Maps, and Cortana source code.
While Lapsus€ claims that it only leaked some of Microsoft's source code, security scholars who chatted with BleepingComputer claim that the uncompressed file actually contains thirty-seven GB of projects. After taking a closer look at the contents of the torrent, security scholars are convinced that the leaked files are legitimate internal company source code.
pay for access
In addition to internal source code, some of the leaked projects contain emails and other documents that were used internally by Microsoft engineers working on mobile apps. Each and every project itself seems to be related to web framework, sites or mobile apps and now it seems that Lapsus€ hasn't stolen any source code of Microsoft desktop software like Windows eleven, Windows Server and Microsoft Office.
Microsoft may be the latest victim, but in recent months, the Lapsus€ outfit has made a name for itself by successfully attacking Nvidia, Samsung, Vodafone, Ubisoft and Mercado Libre.
While it remains unclear how the suite managed to target the source code repositories of so many large companies in such a short time, some security scholars believe that Lapsus€ pays for access to company insiders. Indeed, in a previous post on its rapidly developing Telegram channel, the outfit claimed that it was actively recruiting employees and specialists from telecoms, major software and gaming companies, call centers, and dedicated server hosting vendors.
In addition to recruitment, Lapsus€ also uses its Telegram channel to announce new leaks and attacks, as well as for self-promotion. The group has already amassed almost forty subscribers on the platform that they still use to chat with their fans.
Now that the Lapsus€ set has gained a lot of fame online, expect law enforcement and even large corporations like Microsoft to start taking steps to disrupt your business before it strikes again. .
Via BleepingComputer