Microsoft Investigating Potential LAPSUS$ Hack After Sensitive Screenshot Leak


Microsoft may be the latest victim of a hacking group that has infiltrated some of the world’s largest tech companies in recent months.

The software giant is currently investigating claims that LAPSUS$, a hacking group that has stolen data from Nvidia, Samsung, and other massive tech companies, has gained access to its internal systems, according to a Motherboard report. Over the weekend, LAPSUS$ posted a screenshot to its Telegram channel of what appeared to be information taken from an internal developer account for Azure, its cloud computing division.

Images showing “Bing_UX,” “Bing-Source,” and “Cortana” suggest that source code for Microsoft’s virtual assistant and search engine was accessed. Other sections labelled “mscomdev,” “microsoft,” and “msblox” could indicate that the group has gained entry to other code repositories.

An administrator of LAPSUS$’s Telegram channel has reportedly deleted the images that supposedly reveal sensitive Microsoft assets, and posted “Deleted for now will repost later.”

Microsoft said in a statement, “We are aware of the claims and are investigating.”

The extortion group has yet to demand anything from the business software titan, though LAPSUS$ has, in past attacks, asked for payment and held sensitive information as blackmail. In the case of Nvidia, the group threatened to release stolen internal data unless GPU drivers were made open source and Ethereum cryptocurrency mining limiters were removed from Nvidia 30-series graphics cards.

LAPSUS$ is reportedly on a recruiting mission to get employees to cough up sensitive info. It wrote, “We recruit employees/insider at the following!!!!” on March 10 then followed the statement with a list of companies it would like to infiltrate, which included Apple, IBM, and Microsoft.

“TO NOTE: WE ARE NOT LOOKING FOR DATA, WE ARE LOOKING FOR THE EMPLOYEE TO PROVIDE US A VPN OR CITRIX TO THE NETWORK, or some anydesk,” the group wrote in a message.

What makes LAPSUS$ unique among hacking gangs is its use of Telegram to establish a social media presence and give it a public voice. The group wants notoriety. And instead of conducting ransomware attacks that lock systems with encryption, LAPSUS$ threatens to leak information it has already stolen unless the victim sends it money.

LAPSUS$ is a relative newcomer. Its first suspected campaigns were against Brazilian and Portuguese companies at the end of last year, beginning with Brazil’s health ministry, the Portuguese media company Impresa, and South American telecoms Claro and Embratel. The hacking group, which claims to be motivated only by money, has gained confidence and widened its ambitions after its attacks against giants Nvidia and Samsung.