Lapsus$ hacker group claims to be in possession of Microsoft's source code

Hackers hacked into Microsoft's Azure DevOps server and posted a screenshot of Microsoft's internal source code repos to Telegram.

In the image, we can see the source code of Cortana and other Bing projects with the names "Bing_STC-SV", "Bing_Test_Agile" and "Bing_UX". In addition, there are other repos in the image, but it is unknown what source code they contain.

It is quite strange that the hacker group left the initials of the logged in user as "IS" in the screenshot. This can help Microsoft identify the compromised account and take the necessary security measures.

Lapsus$ hacker group claims to be in possession of Microsoft's source code Picture 1

Leaving out the initials of the account shows that Lapsus$ not only claims to have access to Microsoft's repo, but also wants to mock Microsoft. This is what this hacker group has done with other victims like NVIDIA, Samsung.

Currently, Microsoft has not confirmed whether their Azure DevOps account has been compromised. However, sharing with Bleeping Computer, Microsoft said that it is aware of Lapsus$'s statement and is conducting an investigation.

Microsoft further shared that the leak of their source code (if any) will not create great risks. The reason is because Microsoft has a different approach than the market standard. The new approach allows Microsoft to secure products without depending on source code secrecy.

However, all risks cannot be ruled out because in the leaked source code there are also private encryption keys, digital signatures, API codes or other proprietary tools.

Isabella Humphrey

Update 22 March 2022