Lapsus$ Hackers Claim to Leak Source Code of Microsoft Azure, Cortana, and Bing
Last week, the infamous hacker group Lapsus$ claimed that it had breached several Azure DevOps source code repositories. Microsoft is currently investigating claims of this hack, but the source code of Bing, Bing Maps, Cortana, and other internal projects may have been leaked online (via VentureBeat).
Over the weekend, the hacker group Lapsus$ posted a screenshot of an internal Microsoft developer account on its Telegram channel. Surprisingly, the screenshot suggests that the hackers managed to gain internal access to an Azure DevOps repository that contains the source code of Microsoft’s digital assistant Cortana and various Bing projects such as ‘Bing_UX’, ‘Bing_STC-SV’, as well as ‘Bing_Test_Agile.’ However, the screenshot has since been removed from Telegram’s public chat room, along with a message stating, “Deleted for now will repost later.”
While Microsoft has yet to confirm that its Azure DevOps source code repositories have been compromised, Lapsus$ has published the first evidence of this hack. Brett Callow, a threat analyst at cybersecurity firm Emsisoft, spotted that the hacker group has shared a 483 KB torrent file. The latest Telegram post suggests that this file contains parts of the source code (with encryption keys and code signing certificates) of Cortana, Bing, and Bing Maps. The full uncompressed source code archive is about 37GB in size.
“Given the lack of a denial from Microsoft and Lapsus$’ past victims, their claims are not entirely implausible,” said Brett Callow in a statement to VentureBeat. “The gang seems to be somewhat disorganized, which could indicate they’re relatively inexperienced – and that makes the fact they’re able to hit major corporations somewhat surprising.”
Lapsus$ has carried out high-profile cyberattacks on Samsung and Nvidia
The hacker group Lapsus$ has made headlines in the past few months for carrying out some high-profile cyberattacks against Samsung, Nvidia, Ubisoft, and Vodafone. Specifically, the Nvidia hack breached some graphics cards designs and source code for an AI rendering system called DLSS.
Microsoft has previously indicated that a source code leak doesn’t increase the security risks associated with its products. The company claims that its security model is designed on the assumption that threat actors have complete access to the source code of its products. However, it is important to note that malicious actors could use the source code to exploit Microsoft’s products and services.
More in Security
CISA Warns Unpatched VMware Servers Remain Vulnerable to Log4Shell
Jun 24, 2022 | Rabia Noureen
QNAP Releases Patch to Fix PHP Security Flaw Affecting Select NAS Devices
Jun 23, 2022 | Rabia Noureen
Microsoft Unveils New Edge Secured-Core IoT Devices to Block Firmware Attacks
Jun 22, 2022 | Rabia Noureen
QNAP Warns NAS Users About New DeadBolt Ransomware Campaign
Jun 20, 2022 | Rabia Noureen
Microsoft Defender for Individuals is Now Available on Desktop and Mobile
Jun 16, 2022 | Rabia Noureen
Microsoft Acquires Foreign Cyber Threat Analysis Company Miburo
Jun 15, 2022 | Rabia Noureen
Most popular on petri