[German]The hacker group Lapsuss$ claims to have hacked the repositories with the source codes of the Microsoft products Azure, Bing, Bing Maps and Cortana and to have extracted source code. Hours ago, it was said that Microsoft was investigating whether the Azure source code repository had been hacked. Now the hacker group Lapsus$ has published the first evidence of this hack.
First reports on the hack
Sunday, 20 March 2022, Tom Malka hinted in the following tweet that Microsoft may have been the victim of a hack by the hacker group Lapsus$.
The above tweet shows a screenshot posted on Telegram early Sunday morning Lapsus$. The screenshot allegedly shows folders from internal Microsoft source code repositories. This was to suggest that the hackers had access to Microsoft's Azure DevOps servers. The screenshot pictured shows an Azure DevOps repository containing the source code for Cortana and various Bing projects named "Bing_STC-SV", "Bing_Test_Agile" and "Bing_UX". However, the post was probably deleted again after a short time. The colleagues from Bleeping Computer have picked up the story in this post. Microsoft has not confirmed the Azure DevOps account hack, but indicated to BleepingComputer that they are investigating these reports.
Lapsus$ allegedly publishes source code
A few minutes ago, I came across several messages on Twitter from security researchers who have picked up on publications by the Lapsus$ gang. Brett Callow writes in the following tweet that Lapsus$ claims to have published parts of the source code of Bing, Bing Maps and Cortana.
Tom Malka has also just pointed to new releases from Lapsus$ in the following tweet, which mentioned data captured from Samsung and Microsoft by Lapsus$.
The entire source code could probably not be pulled off, because at some point the hacker who had access to the repository had to sleep, as he writes in the chat. During this time, access to the source code "died".
Lapsus$ and the many hacks
Lapsus$ is a hacker group that specialises in phishing its way into other people's IT systems. The name is derived from a ransomware of the same name, which the hackers install on the victims' systems if necessary. The hacker group extracts data with each intrusion in order to blackmail the victims. The hackers threaten the victim with the publication of the captured data if they refuse to pay a ransom. Lapsus$ has been occurring since December 2021 and hacked Portuguese media group Impresa at the turn of the year (which is why some security experts suspect the hacking group originated in South America, but the origin is unclear so far). The group communicates via Telegram and has carried out some spectacular hacks on Nvidia, Samsung and now Microsoft since early 2022.
Addendum: In this tweet Soufiane Tahiri writes, that the extradicted data "includes some emails and some strong pub/priv keys for name signing and some code signing certificates". That would be the worst case szenario for Microsoft and the Windows Eco system.
A source told me that this is all old data from 2020 – but I am not sure. It is possible that all this is connected to the hack of the OKTA authentication service reported in the following list of links.
Ubisoft hacked by Lapsus$ cyber gang (March 2022)
Cyber attacks on Nvidia and McDonalds (Feb. 25, 2022)
Samsung bestätigt Hack, Quellcodes durch Lapsus$ geleakt
Authentication service OKTA hacked by Lapsus$?
Cookies helps to fund this blog: Cookie settings