Microsoft may be the latest victim of Lapsus$

Read Time:2 Minute, 13 Second

The South American-based data extortion hacking group Lapsus$ has allegedly gained access to Microsoft’s Azure DevOps source code repositories and stolen data from the company.

Unlike other cybercriminal groups which deploy ransomware on the devices of their victims, Lapsus$ instead prefers to target the source code repositories of large tech companies. After stealing their proprietary data, the group then tries to ransom it back to the companies themselves for millions of dollars.

Although it’s still unclear as to whether or not these ransom attempts have paid off yet, Lapsus$ has made a name for itself over the past few months by successfully attacking Nvidia, Samsung, Vodafone, Ubisoft and Mercado Libre.

Now though, it seems the group has stepped up its efforts by going after Microsoft and according to BleepingComputer, the software giant is currently in the process of investigating Lapsus$’s claims that it stole the company’s source code.

Internal source code repositories

The Lapsus$ group recently announced that they had hacked Microsoft’s Azure DevOps server by posting a screenshot of the company’s internal source code repositories on Telegram.

The screenshot itself showed a picture of an Azure DevOps repository that contained the source code for Cortana along with several other Bing projects such as Bing_STC-SV, Bing_Test_Agile and Bing_UK.

Surprisingly, Lapsus$ didn’t obscure the initials “IS” in the screenshot, perhaps as a way to let Microsoft know the identity of the compromised account of one of its employees. However, the initials could also indicate that the group was taunting the software giant as it’s done with previous victims including Nvidia.

While Lapsus$ took down their post fairly quickly, it was still up for long enough for security researchers to save it and share it online. Microsoft has yet to confirm if their Azure DevOps account was breached by the group but the company is aware of the group’s claims and is currently investigating them.

Unlike with their recent attack on Nvidia where code-signing certificates obtained by Lapsus$ were used by other cybercriminals to distribute malware, Microsoft’s threat model assumes that attackers already understand how their software works. The software giant uses an inner source approach where open source software development best practices and an open source-like culture model make source code viewable within the company. As such, Microsoft doesn’t rely on the secrecy of source code for the security of its products.

We’ll likely hear more from Microsoft regarding the potential breach once the company finishes conducting its investigation into the Lapsus$ group’s claims.