South American hacking group LAPSUS$, the same group behind the Nvidia hack a few weeks ago, is back with another victim: Microsoft. As Motherboard reports, the group claims to have gained access to Microsoft's Azure DevOps instance and to have stolen source code from the company. Rather than targeting consumer data or installing ransomware on employees' devices, LAPSUS$ leaks source code and internal data and, in some cases, offers to sell it back to the victim. It is unclear whether they tried to sell the data back to Microsoft.
At first, the only thing the group published was a screenshot of the Azure DevOps account it claimed to control, showing source code repositories for projects including Bing and Cortana. The screenshot was quickly deleted after it was posted on the group's Telegram channel, and an admin commented, "Delete now will be reposted later." That is exactly what they did, but this time the group packaged everything as a torrent file for anyone to download.
LAPSUS$ lists the torrent for download
From the post by LAPSUS$, we can see that the group has started releasing some of the files it claims to have obtained, seemingly to pressure Microsoft into meeting whatever demands it may make. Releasing source code like this is bad news for Microsoft regardless of any ransom: competitors and other attackers can read and reverse-engineer the technology, as happened with the DLSS source code in the Nvidia leak.
According to Motherboard, the group had earlier been looking for employees at Microsoft, and at other companies such as Apple and IBM, to work with. A post on the group's Telegram channel reads: "Note: We are not looking for data, we are looking for the employee to provide us with a VPN or network CITRIX, or any other office."
In other words, they were explicitly seeking a way into Microsoft's network disguised as a legitimate user, and they appear to have succeeded in reaching the information they were after, possibly with the help of an insider who gave the group access to the systems where the most valuable data resides.
This is just the latest entry on the laundry list of victims that have crossed paths with LAPSUS$, which has previously hit Brazil's Ministry of Health, Electronic Arts, Samsung, Nvidia and possibly more. It is clear from the way the group communicates via Telegram that LAPSUS$ is not a tightly organized operation, but rather a loose group of hackers sharing whatever loot they take from their targets.
We haven't independently confirmed that the torrent the group uploaded is legitimate, but it is clear that the group intends to share whatever it has taken. Notably, most groups of this type do not use their access to steal and publish confidential data; instead they deploy ransomware on compromised systems and extort the company directly. One of the most dangerous things about LAPSUS$ is that the group is not afraid to share stolen information widely, leaving victims exposed to having their most confidential documents made public or read by competitors.
Emboldened by hitting huge targets like Nvidia and Samsung, the group is becoming increasingly risky for tech companies that need to protect their most valuable data. And if the Telegram group's call for insiders at these companies is genuine, those companies face an even harder battle to keep the hackers away from sensitive information, because the attacker arrives with a real employee's credentials rather than through an exploit.
Companies can prepare for such attacks by engaging a red team to simulate an insider attack of the kind LAPSUS$ recruits for, and to identify weaknesses in both physical and digital security. Many companies already do this, but it is worth updating the scope to ask specifically how far someone holding a legitimate employee's VPN or Citrix access could get, and what additional controls they would have to bypass before reaching confidential data such as source code repositories.
Microsoft makes a statement
Of course, when a company faces an alleged data breach of this kind, it needs to respond so that it has a public position on what may have happened. So far, Microsoft has not confirmed that a breach occurred, or that any of its data is available for free download on the Internet. This could be a face-saving PR move in what may be a very difficult situation for the company.
"We are aware of the allegations and are investigating them," the company told Motherboard.
It is possible that Microsoft will want to handle this privately, acknowledging publicly only that something happened, and never release the full scope of what was done to its networks or a full list of the data accessed, unless the breach directly affects consumer or other sensitive information.
Who will LAPSUS$ target next?
Judging from what we already know, and given that the group is quite new yet has already hit several high-profile targets, it only makes sense that after Nvidia and Microsoft the group will go after another high-profile tech company such as Apple or AMD, or another gaming brand. Wherever it strikes next, this group has already proven to be extremely dangerous, capable of extracting the most valuable information held by high-profile tech companies. But knowing they have a target on their backs, we may see those companies strengthen their network security, and their controls on insider access, in response to LAPSUS$.