Hackers Claim They Breached Microsoft, Leak 37GB of Source Code


The notorious Lapsus$ ransomware gang may have struck again, this time claiming tech titan Microsoft as its latest victim. Lapsus$ says it breached Microsoft’s Azure DevOps server, which contains the source code for numerous projects, including Bing and Cortana.

On Monday, the group posted a torrent on its Telegram channel which allegedly contains the source code of over 250 Microsoft projects. Security researchers have gone through the leaked files, telling Bleeping Computer that they appear to be legitimate. In a statement to Motherboard, a Microsoft spokesperson said: “We are aware of the claims and are investigating.”

Data Leaks also Contain Internal Microsoft Emails

Lapsus$ first hinted at the possible breach Sunday, telling its Telegram followers that the group had breached Microsoft’s Azure DevOps server. Subsequently, the group put out a 9 GB zip archive torrent which allegedly contained the source code of a wide range of Microsoft projects. The group claims the uncompressed archive has around 37 GB of Microsoft source code.

At the time of posting the torrent, Lapsus$ said it included 90% of Bing’s source code, and around 45% of the code for Bing Maps and Cortana. It also includes data on projects for websites, mobile applications, and other web-based infrastructure. Apart from source code, the leaked files reportedly contained emails and documentation from certain projects belonging to Microsoft’s engineers.

On the other hand, the leaked files did not contain any code for Windows, Windows Server, or Microsoft Office.

What We Know About Lapsus$ Ransomware Group

Lapsus$ has been very active through the first quarter of 2022, with multiple high-profile victims including Samsung and Nvidia. The group is known to steal important company information like source code, customer lists, and databases.

Like many ransomware groups today, Lapsus$ demands a ransom from its victims in exchange for not publicly leaking the stolen information. It is currently unclear how the group carries out its attacks. However, some researchers speculate that Lapsus$ pays company insiders for access to networks and repositories.

The group has a large Telegram following, with more than 33,000 subscribers on its main channel and 8,000 on its chat channel. It usually uses these channels to announce new leaks or attacks, and even to interact with its rapidly growing fan base.

Companies Must Do More to Address Cyber Threats

The Lapsus$ group’s ongoing campaigns highlight just how important it is for companies to step up their cybersecurity. Ransomware attacks in particular can be very painful for businesses, as they suffer from having their data stolen, as well as being locked out of their systems.

Furthermore, paying a ransom does not guarantee that the attacker will restore access or leave the victim’s network infrastructure completely. This is why many U.S. and UK government officials do not recommend paying ransoms.


Technology policy researcher
Prateek is a technology policy researcher with a background in law. His areas of interest include data protection, privacy, digital currencies, and digital literacy. Outside of his research interests, Prateek is an avid reader and is engaged in projects on sustainable farming practices in India.