After allegedly gaining access to Microsoft's Azure DevOps source code repositories over the weekend, the South American-based data extortion hacking group Lapsus$ has now made some of the company's internal files available online.
In a recent post on Telegram, the group shared a screenshot of Microsoft's Azure DevOps account to show that they had hacked into one of the company's servers containing the source code for Bing, Cortana and a number of other internal projects.
Now, however, Lapsus$ has made the source code for over 250 Microsoft projects available online in a 9GB torrent. According to the group, the torrent itself contains 90 percent of the Bing source code and 45 percent of the Bing Maps and Cortana source code.
While Lapsus$ says they only leaked some of Microsoft's source code, security researchers who spoke with BleepingTeam say that the uncompressed file actually contains 37 GB of projects. After taking a closer look at the contents of the torrent, security researchers are confident that the leaked files are legitimate internal company source code.
pay for access
In addition to internal source code, some of the leaked projects contain emails and other documentation that was used internally by Microsoft engineers working on mobile apps. All of the projects themselves appear to be related to web-based infrastructure, websites, or mobile applications, and at this time, it appears that Lapsus$ did not steal any Microsoft desktop software source code, such as Windows 11, Windows Server and Microsoft Office.
Microsoft may be the latest victim, but in recent months the Lapsus$ group has made a name for itself by successfully attacking Nvidia, Samsung, Vodafone, Ubisoft and Mercado Libre.
While it remains unknown how the group managed to target the source code repositories of so many large companies in such a short amount of time, some security researchers believe that Lapsus$ is paying corporate insiders for access. In fact, in a previous post on its rapidly growing Telegram channel, the group said it actively recruits employees and experts from telecommunications, large software and gaming companies, call centers and dedicated server hosting providers.
In addition to recruiting, Lapsus$ also uses its Telegram channel to announce new leaks and attacks, as well as for self-promotion. The group has already amassed close to 40,000 subscribers on the platform that they even use to chat with their fans.
Now that the Lapsus$ group has gained a lot of notoriety online, expect law enforcement agencies and even large companies like Microsoft to start taking steps to disrupt its activities before it strikes again.
Via BleepingTeam