NewsOnline Security

Lapsus$ Strikes Again: Microsoft Latest Victim

Lapsus$ is making a notorious reputation for itself in recent months, claiming big-name victims left, right, and center. The South American cybergang just added Microsoft to its hacking portfolio, saying they stole 37GB of data. That includes the source code for search engine Bing, voice assistant Cortana, and other projects from the Azure DevOps server.

Microsoft later confirmed that it suffered a cyberattack, with Lapsus$ hackers gaining “limited access” to its systems. The tech giant has been keeping a close eye on the group’s activities in recent weeks, releasing some details about their attack methods. Now, it joins Nvidia, Samsung, Mercado Libre, and Okta on the list of casualties.

Lapsus$ Hackers Hit Microsoft this Time

Microsoft joins a long list of high-profile targets after falling victim to Lapsus$. The hackers, known for data theft and extortion, leaked the source code for several products, including Bing and Cortana. And on March 22, the tech giant confirmed the news.

In a blog post, the company identified the attackers as DEV-0537, a.k.a. Lapsus$, saying they gained limited access to its systems through a compromised employee account. However, Microsoft added that its cybersecurity teams acted quickly to restore it and prevent further malicious activity. Also, customer data remained intact.

No customer code or data was involved in the observed activities.


Furthermore, Microsoft continued that it had been monitoring Lapsus$ activities lately, dubbing it a “large-scale social engineering and extortion campaign.” At first, the group focused on organizations in the UK and South America but soon expanded to global operations.

Now, it targets companies in the technology, retail, media, telecom, healthcare, and government sectors. The cybercriminals are also famous for hacking cryptocurrency exchanges to steal users’ accounts. And their methods consist of a “pure extortion and destruction model” without using ransomware payloads.

According to Microsoft, the best way to defend against Lapsus$ is through strong passwords, multifactor authentication, and VPN usage.

Lapsus$ Leaks Microsoft Data

Stealing sources codes and leaking them online is becoming Lapsus$’s thing. The gang posted a screenshot of Microsoft’s Azure DevOps server on their Telegram channel on Sunday morning. The image contained source code Bing, Cortana, and other internal projects.

Then, on Monday night, they published a torrent carrying source code to several plans that belong to the company. According to BleepingComputer, 37GB of source code was leaked, even though reports stated that it was just some of it. Additionally, cybersecurity experts confirmed that the data Lapsus$ released seems legitimate.

Most of the projects contained internal emails and content between Microsoft engineers regarding mobile apps.

Previously, Lapsus$ stole and published data and source code belonging to Nvidia, Samsung, Okta, and Mercado Libre. The group also claimed they breached LG employees’ accounts, promising to release them soon.

Dump of LG’s infrastructure confluence will be released soon. Might be a good idea to consider a new CSIRT team!


Other than launching the investigation, Microsoft did not add further comments. But a Lapsus$ member stated that access to the company’s systems has already “died.”

Ralph Peterson

Ralph was bitten by the tech bug from an early age. Today, he is an expert cybersecurity geek with 13+ years of online privacy and streaming experience under his belt. Spoiler alert: He hates bottled TV show endings (Game of Thrones) and whenever his favorite teams lose.

One Comment

  1. Other than launching the investigation, Microsoft did not add further comments. But a Lapsus$ member stated that access to the company’s systems has already “died

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Articles

Back to top button