Microsoft’s internal Azure DevOps Server projects, including Bing and Cortana, were recently targeted by the threat group Lapsus$, which leaked the projects’ source code to the public.
Through its Telegram channel, the Lapsus$ threat group shared a screenshot showing Microsoft’s Azure DevOps Server, which contains the source code for many of the tech giant’s internal projects, such as Bing and Cortana.
Lapsus$ later published a 7zip archive consisting of a 9GB torrent file, allegedly holding the source code of over 250 of Microsoft’s internal projects. According to the hacking group, the torrent file contains about 90% of Bing’s source code and about 45% of Cortana’s and Bing Maps’ source code.
Security analysts believe that, although the threat group says only a fraction of Microsoft’s source code was included in the leak, the uncompressed archive from Lapsus$ contains 37GB of Microsoft’s project source code.
Analysts who investigated the leaked files verified that they are legitimate source code from Microsoft’s internal Azure DevOps Server.
The leaked files also include project emails and documentation used by Microsoft’s engineers to develop mobile applications. Moreover, the leaked projects are for the tech firm’s web-based infrastructure and include no source code for its desktop software, such as Microsoft Office apps, Windows, and Windows Server.
Microsoft is now investigating the breach of its Azure DevOps Server and will provide updates soon.
The Lapsus$ threat group has been actively performing attacks recently, targeting large firms like NVIDIA and Samsung. Some experts believe that these attacks are not associated with the current Russia-Ukraine conflict.
Many cybersecurity experts have yet to uncover how the group carries out its attacks, although some say that it pays corporate insiders to help it gain access to sensitive company data. Its Telegram channel has also grown over time, with more than 33,000 subscribers always on the lookout for the hacking group’s latest attack and leak updates.