The Microsoft source code breach may be much bigger than we thought

Microsoft logo outside building
(Image credit: gguy / Shutterstock)

After allegedly gaining access to Microsoft's Azure DevOps source code repositories over the weekend, the South American-based data extortion hacking group Lapsus$ has now made some of the company's internal files available online.

In a recent post on Telegram, the group shared a screenshot of Microsoft's Azure DevOps account to show that they had hacked one of the company's servers which contained the source code for Bing, Cortana and a number of other internal projects. 

Now though, Lapsus$ has made the source code for over 250 Microsoft projects available online in a 9GB torrent. According to the group, the torrent itself contains 90 percent of the source code for Bing and 45 percent of the source code for both Bing Maps and Cortana.

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.

>> Click here to start the survey in a new window <<

While Lapsus$ says that they only leaked some of Microsoft's source code, security researchers that spoke with BleepingComputer say that the uncompressed archive actually contains 37GB of projects. After examining the contents of the torrent more closely, the security researchers are confident that the leaked files are legitimate internal source code from the company.

Paying for access

In addition to internal source code, some of the leaked projects contain emails and other documentation that was used internally by Microsoft engineers working on mobile apps. The projects themselves all appear to be related to web-based infrastructure, websites or mobile apps and at this time, it seems that Lapsus$ did not steal any source code for Microsoft's desktop software such as Windows 11, Windows Server and Microsoft Office.

Microsoft may be the latest victim but over the past few months, the Lapsus$ group has made a name for itself by successfully attacking Nvidia, Samsung, Vodafone, Ubisoft and Mercado Libre.

While it's still unknown as to how the group has managed to target the source code repositories of so many big companies in such a short time, some security researchers believe Lapsus$ is paying corporate insiders for access. In fact, in a previous post on its fast-growing Telegram channel, the group said that it actively recruits employees and insiders at telecoms, large software and gaming companies, call centers and dedicated server hosting providers.

Besides recruitment, Lapsus$ also uses its Telegram channel to announce new leaks and attacks as well as for self-promotion. The group has already amassed close to 40k subscribers on the platform which it even uses to chat with its fans.

Now that the Lapsus$ group has gained a great deal of notoriety online, expect law enforcement agencies and even large companies like Microsoft to begin taking action to disrupt its activities before it strikes again.

Via BleepingComputer

TOPICS
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.