Hacking group claims to leak Microsoft source code

Missed a session at the Data Summit? View on demand here.

A threat actor who previously stole and leaked data from Nvidia and Samsung now claims it posted Microsoft source code for Bing, Bing Maps and Cortana on its Telegram channel.

The threat actor, Lapsus$, believed to be active in South America, posted the claim on Telegram Monday at 6:17pm PST.

On Sunday, Lapsus$ had posted a screenshot that it claimed was Microsoft’s source code repositories, including for Bing and Cortana.

The group claimed to have gained access to the repositories by hacking into an Azure DevOps server. The screenshot was later removed without explanation. “Will repost later,” the group had said.

In response, Microsoft issued a statement saying that the company was investigating the claims.

Monday’s new Telegram message contains a 483 KB file, which Lapsus says contains some of the source code for Microsoft’s Bing search engine, Bing Maps service and Cortana’s virtual assistant. The group suggested that the file contains 90% of the Bing Maps data it claims to have stolen, and 45% of the Bing and Cortana data it claims to have stolen. “Have fun everyone!” reads the message.

VentureBeat has reached out to Microsoft for comment on Lapsus$’s latest claims.

“Given the lack of denial from previous victims of Microsoft and Lapsus$, their claims are not entirely implausible,” Brett Callow, a threat analyst at Emsisoft, told VentureBeat. “The gang appears to be a bit disorganized, which could indicate that they are relatively inexperienced — which makes the fact that they can affect large companies somewhat surprising.”

Screenshot of Lapsus$ Telegram Channel

In the past month, vendors including Nvidia and Samsung Electronics have confirmed the threat actor’s data theft. For example, on March 1, Nvidia said that “we are aware that the threat actor took employee credentials and certain Nvidia proprietary information from our systems and started leaking it online.”

Stolen Nvidia data allegedly includes graphics card designs and source code for DLSS, an AI rendering system.

Experts have said Lapsus$’s motives are not clear given the lack of past financial demands.

VentureBeat’s mission is to be a digital city square for tech decision makers to learn about transformative business technology and transactions. Learn more

This post Hacking group claims to leak Microsoft source code

was original published at “https://venturebeat.com/2022/03/21/hacking-group-claims-to-leak-microsoft-source-code/”