The notorious Lapsus$ ransomware gang may have struck again, this time claiming tech titan Microsoft as its latest victim. Lapsus$ says it breached Microsoft’s Azure DevOps server, which contains the source code for numerous projects, including Bing and Cortana.
On Monday, the group posted a torrent on its Telegram channel which allegedly contains the source code of over 250 Microsoft projects. Security researchers have gone through the leaked files, telling Bleeping Computer that they appear to be legitimate. In a statement to Motherboard, a Microsoft spokesperson said: “We are aware of the claims and are investigating.”
Data Leaks also Contain Internal Microsoft Emails
Lapsus$ first hinted at the possible breach on Sunday, telling its Telegram followers that the group had breached Microsoft’s Azure DevOps server. Subsequently, the group put out a torrent of a 9 GB zip archive which allegedly contained the source code of a wide range of Microsoft projects. The group claims the uncompressed archive has around 37 GB of Microsoft source code.
At the time of posting the torrent, Lapsus$ said it included 90% of Bing’s source code, and around 45% of the code for Bing Maps and Cortana. It also includes data on projects for websites, mobile applications, and other web-based infrastructure. Apart from source code, the leaked files reportedly contained emails and documentation from certain projects belonging to Microsoft’s engineers.
On the other hand, the leaked files did not contain any code for Windows, Windows Server, or Microsoft Office.
What We Know About Lapsus$ Ransomware Group
Lapsus$ has been very active through the first quarter of 2022, with multiple high-profile victims including Samsung and Nvidia. The group is known to steal important company information like source code, customer lists, and databases.
Like many ransomware groups today, Lapsus$ demands a ransom from its victims in exchange for not publicly leaking the stolen information. It is currently unclear how the group carries out its attacks. However, some researchers speculate that Lapsus$ pays company insiders for access to networks and repositories.
The group has a large Telegram following, with more than 33,000 subscribers on its main channel and 8,000 on its chat channel. It usually uses these channels to announce new leaks or attacks, and even to interact with its rapidly growing fan base.
Companies Must Do More to Address Cyber Threats
The Lapsus$ group’s ongoing campaigns highlight just how important it is for companies to step up their cybersecurity. Ransomware attacks in particular can be very painful for businesses, as they suffer from having their data stolen, as well as being locked out of their systems.
Furthermore, paying a ransom does not guarantee that the attacker will restore access or leave the victim’s network completely. This is why many U.S. and UK government officials do not recommend paying ransoms.