Microsoft suffers data breach by hacking group LAPSUS$


South American hacking group LAPSUS$, the same group behind the Nvidia hack a few weeks ago, is back with another victim: Microsoft. As reported by Motherboard, the group alleges to have gained access to Azure DevOps source code, in addition to stealing data from the company. Instead of targeting consumer data or installing ransomware on the devices of employees at the business, LAPSUS$ is in the business of leaking source code and data that they then want to sell back to the company. However, it is unclear whether they have attempted to sell the data back to Microsoft.

One thing that they have done is leak a screenshot from a Microsoft Azure DevOps account, which includes the source code repositories for countless projects such as Bing, Cortana, and more. The screenshot was quickly deleted after it was posted on their Telegram channel, and an administrator commented ‘Deleted for now will repost later’. That’s exactly what they did, but this time the group put it all back up as a torrent file for anyone to download.

LAPSUS$ lists torrent for download


From the post listed by LAPSUS$, we can see that the group has begun to release some files they managed to obtain from the hack itself, seemingly in a move to intimidate Microsoft into bowing to whatever demands they may be making for the information. In addition to this, a public file release like this is bad news for Microsoft, as their competitors can easily read and reverse-engineer their technology, in a similar vein to the leak of Nvidia’s DLSS source code.

According to Motherboard, the group was looking for employees inside Microsoft, as well as at a list of other companies such as Apple and IBM, to work with them. A quote posted on the group’s Telegram channel states the following: ‘TO NOTE: WE ARE NOT LOOKING FOR DATA, WE ARE LOOKING FOR THE EMPLOYEE TO PROVIDE US A VPN OR CITRIX TO THE NETWORK, or some anydesk,’

They were explicitly looking for a backdoor into Microsoft’s network, disguised as a legitimate user, and following the attack they have clearly succeeded in reaching the information that they were looking for,…