So far in March several companies such as Ubisoft, Nvidia or Mercado Libre have been victims of hacks and theft of information by the lapsus$ hacker group and now, the conglomerate itself announced that it stole the source code of Bing and Cortana, so Microsoft reported that it has an open investigation into it.
The original information was published by the specialized media BleepingComputer, which states, the group of hackers of supposedly Latin American origin, Lapsus$ obtained up to 37 GB of information from Microsoft, among which 90 percent of the source code of the firm’s search engine, Bing, stands out.
In addition, they would have obtained up to 45 percent of the source code of the virtual voice assistant, Cortana, among other data and content from Bing Maps, websites, applications and infrastructure technology on the web, as well as internal emails, documents about applications, among other things.
Even, as is their custom, Lapsus$ published in their Telegram group a Torrent link with the information they obtained, among the files you can see the Azure DevOps account of Microsoft that was leaked.
For its part, Microsoft is limited to saying that “they are aware of the problem” and that “they are investigating it.”
Another of the recent new “victims” of the hacker group is Okta, an identity authentication company that even stated that they have not found evidence of a leak, a fact that made Lapsus$ angry, so they published some extra data about the alleged documents obtained.
So far, the modus operandi of the hacker group is unknown, although a theory that some specialized media have is that Lapsus$ pays employees of the targeted companies to be attacked and thus access private networks. This is based on the fact that in their Telegram group they published that they “were recruiting” employees in some telecommunications, software, callcenter or server company and even said they were willing to make a payment.
So far the victims of Lapsus$ have been NVIDIA, Samsung, Ubisoft and Mercado Libre, the group of hackers has focused on stealing data and source codes, which allows them to obtain confidential data that has already been patented. In some cases, they even requested a payment from the companies not to publish what was stolen.