Lapsus$ group claims to have hacked source code from Microsoft


Real Microsoft hack or simple bluff? The hacker group Lapsus$ claims to have breached a Microsoft platform that hosts source code repositories. Microsoft is investigating.

Is Microsoft the latest victim of Lapsus$? This is the hypothesis that has emerged in recent days, following the publication of a screenshot showing some of the American company's internal resources. The screenshot, which was originally shared on Telegram and has since been removed, suggests a compromise of the Azure DevOps platform.

The screenshot shows projects related to Bing, Microsoft’s search engine: one of them concerns the source code, another the user experience. Other engineering topics are visible, as is a file on Cortana, the tool Microsoft designed to serve as a virtual assistant. Other directories appear in the sidebar, but their contents cannot be seen.

What is Lapsus$ looking for?

Although Lapsus$ evidently changed its mind and removed the screenshot, there was plenty of time for it to be recovered and shared online, as happened on March 20, 2022. Questions are already being raised, because the screenshot is rather surprising: the initials of the compromised Azure DevOps account are visible at the top right, which can only point Microsoft to where it needs to look to secure access.

“Why reveal this access if they haven’t already achieved their goals / stolen the data they wanted? Seems like a completely unnecessary risk, unless of course they don’t care about being caught at this point,” asks Bill Demirkapi, a computer security engineer who is one of those who recovered the screenshot.

Only assumptions can be made at this stage: a blunder, a desire to show off to other hacker groups and demonstrate their level, or something else? In any case, Lapsus$ does not seem to have left empty-handed, because the group has shared files that, according to the group, contain source code for Bing, as well as for Cortana and Bing Maps, Microsoft’s mapping tool.

Lapsus$ is linked to attacks that affected Nvidia, Vodafone, Ubisoft and Samsung

Lapsus$ has gained visibility in recent months, as its name has been associated with attacks targeting large companies such as the American Nvidia, the South Korean Samsung, the French Ubisoft and the British telecom giant Vodafone. Microsoft now joins this list, another very prestigious target given its weight in tech.

As with any real or suspected security incident, Microsoft has launched an investigation to determine whether there is a credible danger. But as Bleeping Computer points out, the Redmond firm has maintained in the past that a source code leak does not necessarily increase the security risk for the company.

“At Microsoft, […] we do not rely on secrecy of source code for product security, and our threat models assume that attackers have knowledge of source code,” the company declared at the end of 2020 during the SolarWinds affair, which has been one of the great cyber threats of recent years. “The consultation of the source code is therefore not linked to the elevation of the risk.”

This is a very optimistic reading: Bleeping Computer reports that sensitive elements can sometimes be found in source code, such as access tokens, API keys, credentials, or even code signing certificates. A problem of this kind was observed, for example, with the Twitch hack and access codes to AWS.




