Microsoft may be the latest victim of Lapsus$
Hacker group claims to have stolen the source code for Cortana and several Bing projects
The South American-based data extortion hacking group Lapsus$ has allegedly gained access to Microsoft’s Azure DevOps source code repositories and stolen data from the company.
Unlike other cybercriminal groups which deploy ransomware on the devices of their victims, Lapsus$ instead prefers to target the source code repositories of large tech companies. After stealing their proprietary data, the group then tries to ransom it back to the companies themselves for millions of dollars.
Although it’s still unclear as to whether or not these ransom attempts have paid off yet, Lapsus$ has made a name for itself over the past few months by successfully attacking Nvidia, Samsung, Vodafone, Ubisoft and Mercado Libre.
Now though, it seems the group has stepped up its efforts by going after Microsoft and according to BleepingComputer, the software giant is currently in the process of investigating Lapsus$’s claims that it stole the company’s source code.
Internal source code repositories
The Lapsus$ group recently announced that they had hacked Microsoft’s Azure DevOps server by posting a screenshot of the company’s internal source code repositories on Telegram.
The screenshot itself showed a picture of an Azure DevOps repository that contained the source code for Cortana along with several other Bing projects such as Bing_STC-SV, Bing_Test_Agile and Bing_UK.
Surprisingly, Lapsus$ didn’t obscure the initials “IS” in the screenshot, perhaps as a way to let Microsoft know the identity of the compromised account of one of its employees. However, the initials could also indicate that the group was taunting the software giant as it’s done with previous victims including Nvidia.
While Lapsus$ took down their post fairly quickly, it was still up for long enough for security researchers to save it and share it online. Microsoft has yet to confirm if their Azure DevOps account was breached by the group but the company is aware of the group’s claims and is currently investigating them.
Unlike with their recent attack on Nvidia where code-signing certificates obtained by Lapsus$ were used by other cybercriminals to distribute malware, Microsoft’s threat model assumes that attackers already understand how their software works. The software giant uses an inner source approach where open source software development best practices and an open source-like culture model make source code viewable within the company. As such, Microsoft doesn’t rely on the secrecy of source code for the security of its products.
We’ll likely hear more from Microsoft regarding the potential breach once the company finishes conducting its investigation into the Lapsus$ group’s claims.
Via BleepingComputer
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.