After claims from the Lapsus$ group on breaching the Azure DevOps, Microsoft revealed that it was investigating the incident on Monday.
Lapsus$ is a notorious group targeting source code repositories of large companies and demanding ransom not to leak it. Microsoft’s incident, the gang, claims to have accessed the repository of Azure DevOps, where it contained the source code of Bing, Cortana, and others.
Source Code Leak at Microsoft
Lapsus$, the ransom gang that doesn’t follow the regular suite of breaching networks with special malware. Instead, it steals the source code repositories from employees working for large companies and demands that the victim company ransom does not leak it.
Lapsus$ has some big names under its victim list – like NVIDIA, Samsung, Vodafone, Ubisoft, and Mercado Libre. And now, the gang claims to have breached Microsoft’s Azure DevOps and accesses the source code of various applications of it.
This comes from the Lapsus$ telegram group, where the gang posted screenshots of data they had obtained from breaching Azure DevOps. The pictures depict file names containing the source code of Cortana and various Bing projects, named ‘Bing_STC-SV,’ ‘Bing_Test_Agile,’ and “Bing_UX.’
BREAKING Microsoft allegedly breached. @campuscodi @vxunderground #cybersecurity #infosec @Microsoft pic.twitter.com/FAYl9Y29QT — Dominic Alvieri (@AlvieriD) March 20, 2022
