Hacker group Lapsus$ claims to have attacked Microsoft’s internal servers and obtained source code from many projects, including Bing and Cortana.
On the Telegram channel on March 21, Lapsus$ posted a screenshot showing that the team has access to the Azure DevOps server, which contains much of the project’s source code. Microsoft.
A day later, the group continued to publish torrent files which allowed downloading of compressed data of 9 GB. Lapsus$ claims that this data includes source code for 250 Microsoft projects, such as 90% of the source code of the Bing search engine and 45% of the source code of Bing Maps and the virtual assistant Cortana.
A screenshot of Lapsus$ showing the team gaining access to Microsoft’s internal servers.
Specializing in Security Bleeping Computer say that after decompressing they gained 37 GB of data. Several security experts also confirmed that this is indeed the source code of the Microsoft project.
“These projects are in the area of web-based infrastructure, websites and mobile applications, but do not have Microsoft computer software source code like windowWindows Server or Office”, Bleeping Computer Write.
Microsoft did not immediately provide comment, but said it had received the report and was investigating.
In several previous statements, Microsoft has made it clear that source code leaks are unlikely to create another attack risk. In fact, a knowledgeable person can fully understand how software works through reverse engineering. In addition, the company also develops software in a similar way to open source, not considering the secrets of the source code as a protection method for certain products.
Meanwhile, Lapsus$’s main objective in most attacks is extortion. Unlike other hacker groups that use ransomware to encrypt data and demand ransom, Lapsus$ often takes advantage of loopholes from employees at victim companies. This group hacks into employee accounts, or pays people at the company to gain access. They then steal proprietary data and demand businesses to pay millions of dollars in return.
Nvidia, Samsung, Vodafone, Ubisoft and Mercado Libre… are the latest victims of this group. In the Nvidia Problemafter the blackmail failed, Lapsus$ was directed to ask the company to unlock the mining feature on its graphics card.
Luu Quy
at Blogtuan.info – Source: vnexpress.net – Read the original article here
