In the latest in a series of major breaches, a hacking group allegedly exposed 37GB of source code from Microsoft, code linked to hundreds of projects like Bing and Cortana. A torrent of a 9GB zip archive was made available to download by the Lapsus$ hacking group on Monday night. Over 250 internal Microsoft projects were alleged to be contained in the 7zip archive.
According to a Telegram channel screenshot shared by the group on Sunday and was seen by BleepingComputer, the data was purportedly sourced from Microsoft’s Azure DevOps Server. The projects’ source code included code for Bing search, Bing Maps, and the Cortana virtual assistant, among other high-profile and internal projects.
The uncompressed 37GB collection actually includes genuine Microsoft source code, according to security specialists. Emails and instructions enabling Microsoft engineers to publish apps were also included in several of the projects.
The code, which primarily consists of infrastructure, websites, and mobile app code, does not appear to apply to locally-run desktop software such as Windows or Microsoft Office. Microsoft says it is aware of the group’s concerns and is looking into the alleged intrusion and leak.
Lapsus$ has earned its reputation in a short period of time by collecting and leaking significant amounts of data from large tech companies. 190GB of data was leaked from Samsung in early March, as well as other attacks against Mercado Libre, Nvidia, Ubisoft, and Vodafone.
Regarding the frequency of attacks on source code repositories, one assumption is that the hackers are achieving access via an internal source. Previously, the group attempted to recruit personnel from selected companies in order to gain access to their networks.