Microsoft was hacked by a gang of hackers. After stealing data from Nvidia and Samsung, the group of hackers managed to gain access to Microsoft’s servers. The attackers left with 37 GB of sensitive data, including source code from Bing or Cortana. The company, however, claims that no user was affected by the attack and that its teams managed to cut short the data extortion.
Update March 23, 2022
In a long blog post, Microsoft confirms being hacked by LAPSU$. At first, the Redmond firm seeks to reassure. She assures that “no customer code or data was involved in the observed activities” and that the hack is not large enough to cause harm to users. She also explains that only one company account was infiltrated, giving the hackers access to confidential data. In addition, the publication of these documents allowed Microsoft to “to intervene and interrupt the actor in the middle of the operation, thus limiting a wider impact”. As explained in our article, LAPSU$ did not ask for a ransom, as it was able to do for Nvidia. Microsoft sees this as the action of a group “motivated by theft and destruction”.
Article from March 22, 2022
Microsoft has been the victim of a hack, report our colleagues from Bleeping Computer. By gaining access to an Azure server, the Lapsus$ hacker group claims to have gotten their hands on the source code of Bing, the voice assistant Cortana and other projects developed by the company’s teams.
In recent weeks, Lapsus$ has already taken on several tech giants. At the beginning of March, the group of pirates managed to break into Nvidia servers to steal confidential documents. In exchange for his silence, the gang demanded an end to all limitations that prevent mining cryptocurrencies with graphics cards. A little after, the group stole 190 GB of data from Samsung servers.
Hackers allegedly received help from a Microsoft employee
During the Microsoft hack, Lapsus$ took over 37 GB of confidential data owned by Microsoft. This time, the group did not demand a ransom from the company. This Monday, March 21, 2022, Lapsus$ published all the data stolen during the attack on the web.
Shared on the gang’s Telegram conversion, the torrent file contains information about 250 Microsoft signed projects. According to the hackers, the file contains 100% source code for Bing and around 45% source code for Bing Maps (alternative to Google Maps) and Cortana. It also contains the code for web infrastructures, websites and mobile applications.
Experts, interviewed by Bleeping Computer, analyzed the leaked data to confirm its authenticity. Experts have also found internal emails exchanged between Microsoft employees in the file.
Read also: Microsoft offers a promotion to users who have pirated the Office suite
According to the researchers interviewed by the media, it is likely that Lapsus$ relied on the help of accomplices within the firm. Contacted by the media, Microsoft claims to be aware of Lapsus$’s assertions. The American giant claims to have opened an investigation to clarify the matter.
Source: Bleeping Computer