Lapsus$ hackers leak 37GB of Microsoft's alleged source code

Hacking group Lapsus$ claims to have leaked source code for Bing, Cortana, and other projects stolen from Microsoft's internal Azure DevOps server.

Early Sunday morning, the Lapsus$ gang posted a screenshot on their Telegram channel stating that they hacked into Microsoft's Azure DevOps server which contains the source code for Bing, Cortana, and various other internal projects.

Screenshot of Microsoft's Azure DevOps account leaked by Lapsus$

On Monday night, the hacking group released a torrent of a 9 GB 7zip file containing the source code for more than 250 projects they say belong to Microsoft.

When publishing the torrent, Lapsus$ said that it contained 90% of the Bing source code and about 45% of the Bing Maps and Cortana code.

Although they say that only part of the source code was leaked, BleepingComputer is told that the uncompressed file contains approximately 37 GB of source code that supposedly belongs to Microsoft.

Leaked source code projects

Security researchers who pored over the leaked files told BleepingComputer that they appear to be legitimate internal Microsoft source code.

Additionally, we are told that some of the leaked projects contain emails and documentation that were clearly used internally by Microsoft engineers to publish mobile apps.

The projects appear to be for web-based infrastructure, websites, or mobile applications, with no source code for published Microsoft desktop software, including Windows, Windows Server, and Microsoft Office.

When we contacted Microsoft about tonight's source code leak, they told BleepingComputer that they are aware of the claims and are investigating.

Lapsus$ leaks data left and right

Lapsus$ is a data extortion hacking group that compromises corporate systems to steal source code, customer lists, databases, and other valuable data. They then attempt to extort the victim with ransom demands in exchange for not publicly leaking the data.

In recent months, Lapsus$ has revealed numerous cyberattacks against large companies, with confirmed attacks against NVIDIA, Samsung, Vodafone, Ubisoft, and Mercado Libre.

Until now, most attacks have targeted source code repositories, allowing threat actors to steal sensitive proprietary data, such as NVIDIA's lite hash rate (LHR) technology that allows graphics cards to throttle GPU mining.

How threat actors are breaching these repositories is unknown, but some security researchers believe they are paying corporate insiders to gain access.

"From my perspective, they continue to gain access through corporate insiders," threat intelligence analyst Tom Malka told BleepingComputer.

This theory is not far-fetched, as Lapsus$ has previously announced that they are willing to buy access to networks from employees.

Lapsus$ recruiting corporate experts

However, it may be more than that, as Lapsus$ posted screenshots of their access to what they claim to be Okta's internal websites. Since Okta is an identity management and authentication platform, if Lapsus$ managed to breach the company's security, they could use it as a springboard to breach the company's customers.

As for Lapsus$, the group has gained a huge following on Telegram, with over 33,000 subscribers on its main channel and over 8,000 on its chat channel.

The extortion group uses its very active Telegram channels to announce new leaks and attacks and to chat with its fans, and seems to be enjoying the notoriety.

With the shutdown of the RaidForums data breach forum, we are likely to see many of that site's regulars now interacting on the Lapsus$ Telegram channels.

For the time being, we are likely to see more leaks as Lapsus$ and its fans celebrate the data leaks.

