Lapsus$ hack group stole the source code of Microsoft products

Source code of Microsoft products

The Lapsus$ hack group has released source code for Bing, Cortana, and other Microsoft products, allegedly stolen from an internal Microsoft Azure DevOps server.

Over the weekend, a screenshot appeared on the Lapsus$ Telegram channel showing that the hackers had attacked the Microsoft Azure DevOps server and gained access to the source code of Bing, Cortana and various other company projects.

On Monday evening, the group then torrented a 9 GB 7zip archive containing the source code for more than 250 projects that they say are owned by Microsoft.

Lapsus$ states that the archive contains 90% of the Bing source code and approximately 45% of Bing Maps and Cortana code, while Bleeping Computer reports that the uncompressed archive contains approximately 37 GB of source code. At the same time, according to the hackers, only part of the source code got into the dump.

Researchers who have already examined the leak confirm that the files are indeed internal Microsoft source code. Additionally, some of the projects are reported to contain emails and documentation that were clearly used internally by Microsoft engineers to publish mobile apps.

Apparently, these projects are intended for web infrastructure, sites or mobile applications, and the source code for desktop products, including Windows, Windows Server and Microsoft Office, has not been published.

Microsoft representatives say they already know about this leak, and the company is investigating what happened.

Soon afterwards, representatives of Microsoft, which tracked Lapsus$ under the identifier DEV-0537, confirmed the compromise.

"In the course of this activity, source codes or customer data were not affected. Our investigation revealed that one account was compromised and this helped [the hackers] gain limited access. Our response teams quickly set about fixing the hacked account issue and preventing further action [by the attackers]."

Microsoft does not consider code secrecy to be a security measure, meaning that viewing the source code does not increase the risk.

"Our team was already investigating an account compromise when the attackers publicly reported their intrusion. This public announcement intensified our activity, allowing our specialists to intervene and interrupt the actions of hackers in the middle of the operation," Microsoft says.

Let me remind you that the Lapsus$ extortionist group breaks into corporate systems and steals source code, customer lists, databases and other valuable information from companies. At the same time, the attackers very rarely use ransomware. More often, the hackers simply extort ransoms from victims, demanding money and threatening to publish the stolen data otherwise. Lapsus$ has previously attacked such giants as Samsung, Nvidia, Vodafone, Ubisoft and Mercado Libre.

Let me remind you that I also wrote about a 0-day vulnerability that remained unpatched for 2 years due to Microsoft bug bounty issues, and about the US and UK accusing China of attacks on Microsoft Exchange servers.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advice and tips on GridinSoft's products. He's available 24/7 to assist you with any question regarding internet security.
