The Lapsus$ ransomware hacker group may have breached internal source code repositories for Microsoft Azure DevOps, according to multiple news outlets.
A Lapsus$-affiliated account on messaging application Telegram posted a photo Sunday of internal source code repositories allegedly from a Microsoft server. The photo appears to show access to Bing- and Cortana-related projects.
“We are aware of the claims and are investigating,” a Microsoft spokesperson said to CRN US in a statement.
Lapsus$ removed the post shortly after publication and published the message, “Deleted for now will repost later,” according to news reports.
“The LAPSUS$ ransomware group just posted an image of what looks to be Microsoft's internal DevOps platform... yikes... pic.twitter.com/PFdlezyDW9” — Bill Demirkapi (@BillDemirkapi), March 20, 2022
The reports came from The Stack, Motherboard, Bleeping Computer and other news outlets.
Lapsus$ has previously targeted Nvidia, Samsung and other big tech companies.
Nvidia has said that its “business and commercial activities continue uninterrupted” and allegedly attacked Lapsus$ back.
Lapsus$ demanded, as ransom, that Nvidia make its graphics cards more suitable for mining cryptocurrency, according to Motherboard.
Samsung told CRN in a statement that there was “a security breach relating to certain internal company data,” involving 190 gigabytes of sensitive Samsung data.
In a 2020 blog post on suspected Russian government hackers and malicious SolarWinds Orion code, Microsoft said that hackers accessing source code doesn’t by itself cause a higher security risk for services or customer data.
“At Microsoft, we have an inner source approach – the use of open-source software development best practices and an open source-like culture – to making source code viewable within Microsoft,” according to the post. “This means we do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code. So viewing source code isn’t tied to elevation of risk.”
It continued: “As with many companies, we plan our security with an ‘assume breach’ philosophy and layer in defence-in-depth protections and controls to stop attackers sooner when they do gain access.”
The Lapsus$ ransomware gang is relatively new, but just last month knocked the websites of one of Portugal’s biggest newspapers and of a major broadcaster offline, according to The National. Both the newspaper and the broadcaster are owned by Portugal’s largest media conglomerate, Impresa, according to The National.
In December 2021, Lapsus$ allegedly hacked Brazil’s health ministry website and took several systems down, including one with information about the national immunization program and another used to issue digital vaccination certificates, according to The National.