Microsoft might be the latest potential victim of the LAPSUS$ hacking group, which has infiltrated some of the world’s largest tech companies in recent months.
Microsoft is currently investigating the claim that LAPSUS$ has gained access to its internal systems. Over the weekend, LAPSUS$ posted a screenshot to its Telegram channel of what appeared to be information taken from an internal developer account for Azure, Microsoft’s cloud computing division.
Images showing “Bing_UX,” “Bing-Source,” and “Cortana” suggest that source code for Microsoft’s virtual assistant and search engine was accessed. Other sections for “mscomdev,” “microsoft,” and “msblox” could indicate that the group has gained entry to other code repositories.
An administrator of LAPSUS$’s Telegram channel has reportedly deleted the images that supposedly reveal sensitive Microsoft assets and posted “Deleted for now will repost later.”
The extortion group has yet to demand a ransom from Microsoft; in the past it has asked for payment and held sensitive information as blackmail. In the case of Nvidia, the group threatened to release stolen internal data unless GPU drivers were made open source and Ethereum cryptocurrency mining limiters were removed from Nvidia 30-series graphics cards.
LAPSUS$ is reportedly on a recruiting mission to get employees to cough up sensitive info. It wrote, “We recruit employees/insider at the following!!!!” on March 10, then followed the statement with a list of companies it would like to infiltrate, which included Apple, IBM, and Microsoft.
What makes LAPSUS$ unique, to an extent, among hacking gangs is its use of Telegram to establish a social media presence and give it a public voice. Instead of conducting ransomware attacks by blocking systems with encryption, LAPSUS$ threatens to leak information it has already stolen unless the victim sends it money.
LAPSUS$’s first suspected campaigns were against Brazilian and Portuguese companies at the end of last year, beginning with Brazil’s health ministry, the Portuguese media company Impresa, and South American telecoms Claro and Embratel. The hacking group, which claims to be motivated only by money, has gained confidence and widened its ambitions after its attacks against giants Nvidia and Samsung.