Microsoft investigating alleged Lapsus$ hack of Azure DevOps source code repositories

Microsoft says it is looking into claims that the Lapsus$ data extortion hacking group gained access to its internal Azure DevOps source code repositories and stole data.

The company told BleepingComputer that it was aware of the claims made by the group and was in the process of investigating those claims.

In recent months, Lapsus$ has compromised a number of major companies including Samsung, Nvidia, Vodafone, Mercado Libre and Ubisoft. Earlier this month, the gang published a massive collection of files, about 190 GB in total, which it said belonged to Samsung Electronics.

The leak allegedly included bootloader source code for recent Samsung devices, algorithms for all biometric unlock operations, source code for Samsung’s activation servers, the full source code used to authenticate Samsung accounts, and secret Qualcomm source code.

While other extortion gangs use ransomware to lock their victims’ machines, Lapsus$ uses a different strategy. It goes after the source code repositories of big companies, steals their proprietary data, and then demands millions of dollars in ransom to give that data back to the victims.

On Sunday, the Lapsus$ gang shared on its Telegram channel a screenshot of what appeared to be data acquired from an official developer account for Azure, Microsoft’s cloud computing business.

The operatives claimed to have gained access to an Azure repository that contained the source code for Cortana as well as other Bing projects.

Lapsus$ said it accessed the repositories by hacking an Azure DevOps server.

An administrator of the Telegram channel later deleted the screenshots and posted the message: “Deleted for now will repost later”.

However, the group left the initials of the logged-in user, “IS,” in the screenshot, potentially enabling Microsoft to identify the hacked account.

Microsoft has previously said that a source code leak does not increase the security risk associated with its products.

The company’s security strategy already makes the assumption that bad actors have…