Microsoft confirms source code theft by hacker group Lapsus$

The notorious hacker group Lapsus$ was able to steal source code from Microsoft. Microsoft confirmed the successful hacker attack.

Microsoft has confirmed that hacker group Lapsus$ managed to steal source code. Microsoft lists this hacker group as “DEV-0537”. With this, Microsoft confirms a

previous claim of the hackers.
They had uploaded a 37 GB archive to a file sharing platform ( see below ). The archive should contain parts of the source code for Bing, Bing Maps and Cortana.

According to Microsoft, the hackers were able to compromise “a single account” of a Microsoft employee with limited access to the source code and steal parts of the source code for some Microsoft products. Microsoft investigators have been following the Lapsus$ group’s activities for weeks. According to the Microsoft Threat Intelligence Center (MSTIC), the goal of attackers is to use stolen credentials to gain enhanced access that enables data theft and destructive attacks that often escalate into extortion.

Microsoft emphasizes that the leaked code does not pose a security risk and that Microsoft has blocked the hackers’ access. Customer data was not affected by the hacker attack.

update end

After Samsung and Nvidia, among others, it seems that Microsoft has now also caught on. According to the US IT security portal Bleeping Computer, the well-known and almost notorious hacker group Lapsus$ claims that it has captured source code from Microsoft. It should be source code from Bing, Cortana and other projects. Lapsus$ claims to have stolen this data from Microsoft’s internal Azure DevOps servers.

The hackers published a screenshot on their Telegram channel on Sunday morning, which is said to show the stolen source code packages on the Azure DevOps servers. Then, Monday night, the hackers uploaded a 9GB 7Zip archive to a file-sharing network. According to Bleeping Computer, this should contain the source code of over 250 Microsoft projects. Lapsus$ claims that the 7Zip archive contains 90 percent of the Bing source code and about 45 percent of the Bing Maps and Cortana code. According to Bleeping Computer, the archive contains 37 GB of Microsoft source code.

No Windows code

Security researchers who looked at the leaked files told Bleepingcomputer that it appears to be genuine Microsoft internal source code. Emails and documentation used by Microsoft developers to publish mobile applications should also be included. The projects seem to be web-based infrastructures, websites or mobile applications. Source code for Microsoft desktop software, primarily Windows, Windows Server and Microsoft Office, is not included in the leak.

Microsoft confirms investigation

Microsoft told Bleepingcomputer that it would investigate the incident. Also to an editor at IT news site The Verge

Microsoft that it is investigating the hacker group’s claim.

The key question is still unanswered: How did the hackers get the data? According to Bleepingcomputer, security experts suspect that the hackers paid Microsoft employees to get the data. In line with this, Lapsus$ is specifically looking for employees of large IT companies such as Microsoft, Apple, EA or IBM in order to pay them for information.

Samsung hacked: Explosive data on Galaxy devices leaked

Cybersecurity incident confirmed at Ubisoft

Nvidia data theft: hackers set an ultimatum until Friday – or all data will be leaked

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button