What is LAPSUS$? Data extortion group leaks 37GB of Microsoft's alleged source code
The notorious hacking group Lapsus$ appears to have successfully breached and leaked the source code for several Microsoft projects including bing, Cortana from the company's internal Azure DevOps server.
The hacktivist gang posted a screenshot to their Telegram channel early Sunday morning, March 20, claiming they hacked the software giant's internal servers that contained source code for Bing, Cortana, and various other projects. The following day, the group posted a torrent for a 9GB zipped archive containing the source code of over 250 projects allegedly belonging to Microsoft.
Anonymous declares 'cyber war' against Putin, shuts down Kremlin-backed media website
Pandora Papers: US a 'go-to' for hiding wealth of world's richest, data leak reveals
Lapsus$ revealed while posting the torrent that the folder contained 90 per cent of the source code for Bing and approximately 45 per cent of the code for Bing Maps and Cortana. The uncompressed archive reportedly contains close to 37GB of source code. Some security experts have said the leaked trove of files appear to be legitimate internal source code from Microsoft. Meanwhile, some of the leaked projects also contain emails and documentation that were used internally by Microsoft engineers to publish mobile applications. According to BleepingComputer, the projects appear to be linked to "web-based infrastructure, websites, or mobile apps, with no source code for Microsoft desktop software released, including Windows, Windows Server, and Microsoft Office." Microsoft responded to the alleged leak in a statement, “We are aware of the claims and are investigating.”
What is LAPSUS$?
Lapsus$ has been described as a data extortion hacking group that breaks into corporate infrastructures to steal source code, databases, customer lists, and other valuable data. The victim is later extorted with ransom to not leak the data to the public. The infamous group has claimed responsibility for several cyberattacks in the past few months, especially against large companies including NVIDIA, Samsung, Vodafone, Ubisoft, and Mercado Libre.
Most of the attacks thus far have targeted source code repositories, stealing sensitive, propriety data such as NVIDIA's lite hash rate (LHR) technology that enables graphics cards to regulate a GPU's mining capacity. While it is unclear how the threat actors are able to breach the databases, some data security researchers believe they are paying insiders for access. "From my perspective, they keep on getting their access using corporate insiders," threat intelligence analyst Tom Malka told BleepingComputer. It's worth noting that Lapsus$ has previously expressed willingness to purchase access to networks from corporate employees.
However, it's highly possible that the group managed to hack into the system, considering they posted screenshots of their access to what they claim are Okta's internal websites. Okta, an authentication and identity management platform, could potentially be used by the group as a springboard to the company's clientele. Lapsus$ has amassed quite the following on Telegram, with over 33,000 subscribers on their main channel and over 8,000 on their chat channel. The hackers use these channels to announce new leaks, attacks, and to communicate with their fans.
That said, LAPSUS$ is a relative newcomer, with its first suspected campaigns being against Brazilian and Portuguese companies at the end of last year, and targets including Brazil’s health ministry, the Portuguese media firm Impresa, and South American telecoms Claro and Embratel. The latest Microsoft hack suggests that the data extortion group has gained confidence and widened its ambitions after previous attacks against giants Nvidia and Samsung, Gizmodo reported.