Last Sunday the LAPSUS$ cyber extortion group posted on its Telegram channel a screenshot of what appeared to be an internal Microsoft developer account. The screenshot turned out to be from an Azure DevOps account, a product Microsoft offers that allows developers to collaborate on projects.
The specific projects shown in the screenshot include:
“Bing_UX”, which could refer to the user experience of Microsoft’s Bing search engine;
“Bing-Source”, which indicates access to the source code of the search engine;
“Cortana”, the intelligent assistant from Microsoft;
“mscomdev”, “microsoft”, and “msblox”, indicating that whoever took the screenshot also has access to other code repositories.
But was this true? Did LAPSUS$ not only successfully attack the IT giant’s infrastructure, but also steal from it? A few days ago, Microsoft launched an internal investigation to confirm this. And today it released a statement acknowledging not only that it has been the victim of a cyber attack, as LAPSUS$ claimed, but also that elements of the source code of the Bing search engine and the Cortana assistant (named after the character from the Halo game franchise) have been stolen.
Who is LAPSUS$? This group of hackers has managed to break into several well-known companies lately, but it is not the typical group that only goes after money using ransomware tactics, that is, hijacking systems and releasing them in exchange for money. LAPSUS$ sometimes demands an unusual ransom from its victims, such as asking Nvidia to unlock aspects of its graphics cards to make them more suitable for cryptocurrency mining. So far, the group has not made any public demands of Microsoft.
The curious thing is that this attack on Microsoft isn’t exactly surprising, given that a month earlier, LAPSUS$ placed a somewhat discreet ad on its Telegram channel seeking employees within companies to work with them, including Microsoft:
“Recruit employees/insiders below!!!! PLEASE NOTE: WE ARE NOT LOOKING FOR DATA, WE ARE LOOKING FOR THE EMPLOYEE WHO PROVIDES US A VPN OR CITRIX ON THE NETWORK, or a desktop.”
In the message, LAPSUS$ pointed directly at companies like Apple, IBM and Microsoft, outlining specific ways in which hackers could gain access to the networks of targeted companies through a rogue employee. Since December, the group has breached the Brazilian Ministry of Health, a number of Brazilian and Portuguese companies, then Nvidia and Samsung in February and March respectively, according to a timeline of LAPSUS$ attacks published by cybersecurity firm Silent Push. The group has also reportedly claimed responsibility for the attack on Ubisoft this month.