Microsoft has been the target of an attack by hacker group Lapsus$. The hacker group initially posted a screenshot of the files recently, and then shared a 7-zip archive containing all of the files.
The compressed file is only 9GB in size, but adds up to 37GB of source code for over 250 Microsoft projects after uncompressing. The leak supposedly contains 90% of the source code for Microsoft’s Bing Maps, and 45% of the source code for Bing itself and Cortana.
Some of the leaked projects contain emails and documentation that were clearly used internally by Microsoft engineers to publish mobile apps. The projects appear to be for web-based infrastructure, websites, or mobile apps, with no source code for Microsoft desktop software released, including Windows, Windows Server, and Microsoft Office.
According to the hackers, the leak originates from an Azure DevOps server that the hackers managed to find their way into, containing source code for many Microsoft products, including Bing and Cortana.
Lapsus$ is a data extortion hacking group that compromises corporate systems to steal source code, customer lists, databases, and other valuable data, and then attempt to extort the victim with ransom demands not publicly to leak the data.
Lapsus$ has disclosed numerous cyberattacks against large companies, with confirmed attacks against NVIDIA, Samsung, Vodafone, Ubisoft, and Mercado Libre, over the past few months. The extortion group uses their very active Telegram channels to announce new leaks and attacks.