According to Bleeping Computer, which has posted several screenshots attributed to Lapsus$, the group has hacked into an Azure DevOps repository containing source code for Cortana and various Bing projects, called “Bing_STC-SV”, “Bing_Test_Agile” and “Bing_UX”.
The screenshot also shows other source code repositories, but what they contain is unknown. Bleeping Computer adds that, strangely, the extortion ring left the logged-in user’s initials, “IS”, visible in the screenshot, which could allow Microsoft to identify and secure the compromised account. The inclusion of the initials may also mean that the group no longer has access to the repository, or that it is simply making fun of Microsoft, something the extortion ring is known to have done with previous victims.
Shortly after posting the screenshot, the Lapsus$ gang removed its post and replaced it with a message that read, “Removed for now, we’ll repost later.” However, security researchers, unnamed by Bleeping Computer, had already captured the screenshot and shared it on Twitter by then.
Although Microsoft has not confirmed whether its Azure DevOps account has been breached, it has told Bleeping Computer that it is aware of the claims and is investigating them.
Unlike many well-known extortion groups, Lapsus$ does not install ransomware on its victims’ devices. Instead, the group targets the source code repositories of large companies, steals their proprietary data, and then attempts to extort millions of dollars in ransom from the company.
Unfortunately, Lapsus$ has a track record of its claims about attacks on other companies turning out to be true.
While leaking source code makes it easier to find vulnerabilities in a company’s software, Microsoft has previously stated that leaking source code does not increase risk. Microsoft claims that its threat model assumes that threat actors already understand how its software works, either through reverse engineering or previous source code leaks.
“At Microsoft, we have an internal source approach—using open source software development best practices and an open source-like culture—to make source code visible within Microsoft. This means that we do not rely on source code secrecy for product security, and our threat models assume that attackers have knowledge of the source code. Therefore, viewing the source code is not linked to heightened risk,” Microsoft explained in a blog post about SolarWinds attackers’ access to its source code.
diarioti.com
Eddie is an Australian news reporter with over 9 years in the industry and has published on Forbes and TechCrunch.