After claims from the Lapsus$ group on breaching the Azure DevOps, Microsoft revealed that it was investigating the incident on Monday.
Lapsus$ is a notorious group targeting source code repositories of large companies and demanding ransom not to leak it. Microsoft’s incident, the gang, claims to have accessed the repository of Azure DevOps, where it contained the source code of Bing, Cortana, and others.
Source Code Leak at Microsoft
Lapsus$, the ransom gang that doesn’t follow the regular suite of breaching networks with special malware. Instead, it steals the source code repositories from employees working for large companies and demands that the victim company ransom does not leak it.
Lapsus$ has some big names under its victim list – like NVIDIA, Samsung, Vodafone, Ubisoft, and Mercado Libre. And now, the gang claims to have breached Microsoft’s Azure DevOps and accesses the source code of various applications of it.
This comes from the Lapsus$ telegram group, where the gang posted screenshots of data they had obtained from breaching Azure DevOps. The pictures depict file names containing the source code of Cortana and various Bing projects, named ‘Bing_STC-SV,’ ‘Bing_Test_Agile,’ and “Bing_UX.’
Microsoft allegedly breached.@campuscodi @vxunderground #cybersecurity #infosec @Microsoft pic.twitter.com/FAYl9Y29QT
— Dominic Alvieri (@AlvieriD) March 20, 2022
There are other files containing some other data that we are unknown yet. And for some reason, the gang had soon removed the screenshots and said they would repost them later. May it’s working on its posting policies, Microsoft has replied to BleepingComputer that it’s investigating the Lapsus$ claims.
Source code leaks can disturb some companies as it often contains valuable data like API keys, access tokens, credentials, encryption keys, etc.
Though Microsoft has an internal development policy of not including sensitive data like API keys, credentials, or access tokens in their source code repositories, it may still contain other valuable data like private encryption keys or other proprietary tools, which makes it vulnerable.