Microsoft investigates Lapsus$ claim for theft of Bing and Cortana • The Register
The Lapsus$ extortion gang briefly alleged over the weekend that it had compromised Microsoft.
The diabolical cybercrime network has previously boasted of penetrating Nvidia, Samsung, Ubisoft and others. His modus operandi is to infiltrate a big target’s network, exfiltrate sensitive internal data, and then ask to keep that material from going public – and maybe release some of it anyway.
“We are aware of the allegations and are investigating,” a Microsoft spokesperson said. The register Monday.
On Saturday and Sunday, the scammers shared and then deleted Telegram screenshots suggesting they had broken into Microsoft’s internal DevOps environment, as spotted by infosec director Dominic Alvieri. The screenshot shows internal projects, including Bing and Cortana source code, and WebXT compliance engineering projects.
“Normally you wouldn’t give credence to a snapshot,” Alvieri tweeted, “but Lapsus breached Samsung, Impresa, Mercado Libre, Ubisoft and Nvidia.” The researcher said Microsoft and Vodafone would have been affected, adding that the Windows giant’s bragging seems “credible so far and reputation is on the line”.
If the screenshots are legit, it would be a major security breach for the American IT titan. It is possible for criminals to find and exploit security holes in the code, if they get their hands on them. Maybe Microsoft should have fought a little harder for Mandiant before Google scooped it up for $5.4 billion.
Microsoft’s alleged intrusion follows a series of high-profile outings by Lapsus$, which until recently was best known for meddling with Brazil’s health ministry and Portuguese media outlets SIC Noticias and Expresso.
That all changed in February when the gang, believed to be based in Brazil, snuck into Nvidia’s networks and stole a terabyte of data, including employee credentials and proprietary information, and dumped some an online part.
A few days later, Lapsus$ attacked Samsung and stole 190 GB of internal files, including source code from the Galaxy device.
The criminal group went on to claim that it was responsible for a cyber security incidentat gaming giant Ubisoft, and is also believed to be the source of a Vodafone security breach. Earlier this month, the telecom operator said it was investigating Lapsus$ claims that which he allegedly stole 200 GB of source code.
“We are investigating the allegation with law enforcement, and at this stage we cannot comment on the credibility of the allegation,” a Voda spokesperson said. Recount CNBC. “However, what we can say is that generally the repository types referenced in the claim contain proprietary source code and do not contain customer data.” ®