Hackers Post Images Showing Possible Microsoft Breach

pcmag.com:

The hacking group that breached Nvidia last month now says it also infiltrated Microsoft, and the company is investigating.

The hacking group, called LAPSUS$, briefly shared a screenshot on Saturday that suggests the cybergang gained internal access to projects relating to Microsoft’s Bing search engine and the company's voice assistant Cortana. 

LAPSUS$ has since taken the screenshot down from the group’s public chatroom. But copies of the image show the hackers gained access to an account on Microsoft’s Azure DevOps, a product that helps computer programmers collaborate on coding projects together. 

The screenshot also shows various folders in the account, one of which is titled “Bing-Source,” and says “The central project for storing all of Bing Source code.” 

Another folder is titled “Cortana,” and says “The main Cortana project. Over time, all of Cortana-related code and work items should be managed via this project.”

Microsoft tells Motherboard: “We are aware of the claims and are investigating.”

It’s unclear why LAPSUS$ deleted the screenshot, but the post was likely a tease to build up publicity. The group has since written in its public chat group: “deleted for now will report later.”

If the hack is real, then LAPSUS$ is almost certainly looking to sell off any data it stole from Microsoft for a high price. Last month, the group claimed it stole 1TB of data from Nvidia, including information on how to unlock a cryptocurrency-mining restriction on the company’s graphics cards. LAPSUS$ then tried to sell the cryptocurrency-mining bypass for $1 million.

The group also said it would release confidential files about Nvidia’s hardware unless the company open-sourced all its GPU drivers. However,  LAPSUS$ has yet to