According to a Reddit post and a report on Cyber Kendra, Microsoft’s DevOps account has been compromised by the LAPSUS$ (Lapsus) group, which has previously hacked Nvidia, Samsung, and threatened Vodafone’s proprietary code was released earlier this year.
The screenshot below was posted on Telegram by Lapsus but was quickly deleted and saved by Cyber Kendra. The group claims to have access to some of Microsoft’s DevOps resources. The post was reportedly deleted minutes later with a message ” temporarily deleted, will post later .”
The following DevOps resources can be seen from the diagram:
- Bing_STC-SV: The project contains source code for various Bing engineering projects in the Silicon Valley office.
- Bing_Test_Agile: Bing testing project using agile templates.
- Bing_UX: The Bing.com Front End (SNR) and other related UX codebases.
- Bing Cubator
- Bing Source Code: The central project that stores all Bing source code.
- Compliance_Engineering: WebXT Compliance Engineering Team Project.
- Cortana: The main Cortana project, its associated code, and work items.
- Creative Authoring
However, only part of the content of the picture can be seen, and the content of the data that may be stolen is far more than that. Lapsus claimed to have obtained 1TB of Nvidia data, including driver, schematics or firmware information, and also obtained source code related to the operation of Samsung Galaxy devices. These intrusions and data thefts have been officially confirmed by NVIDIA and Samsung.
