Microsoft investigating claims of hacked source code repositories

TSdaisiesdontdoit92
post Mar 23 2022, 10:29 AM, updated 3y ago



QUOTE
Microsoft says they are investigating claims that the Lapsus$ data extortion hacking group breached their internal Azure DevOps source code repositories and stole data.

Unlike many extortion groups we read about today, Lapsus$ does not deploy ransomware on their victim's devices.

Instead, they target the source code repositories for large companies, steal their proprietary data, and then attempt to ransom that data back to the company for millions of dollars.

While it is not known if the extortion group has successfully ransomed stolen data, Lapsus$ has gained notoriety over the past months for their confirmed attacks against NVIDIA, Samsung, Vodafone, Ubisoft, and Mercado Libre.

Lapsus$ claims to have breached Microsoft
Early Sunday morning, the Lapsus$ gang indicated that they hacked Microsoft's Azure DevOps server by posting a screenshot on Telegram of alleged internal source code repositories.

Are source code leaks bad?
While the leaking of source code makes it easier to find vulnerabilities in a company's software, Microsoft has previously stated that leaked source code does not create an elevation of risk.

Microsoft says that their threat model assumes that threat actors already understand how their software works, whether through reverse engineering or previous source code leaks.

"At Microsoft, we have an inner source approach – the use of open source software development best practices and an open source-like culture – to making source code viewable within Microsoft. This means we do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code," explained Microsoft in a blog post about the SolarWinds attackers gaining access to their source code.

"So viewing source code isn’t tied to elevation of risk."

However, source code repositories also commonly contain access tokens, credentials, API keys, and even code signing certificates.

When Lapsus$ breached NVIDIA and released their data, it also included code-signing certificates that other threat actors quickly used to sign their malware. Using NVIDIA's code signing certificate could cause antivirus engines to trust the executable and not detect it as malicious.

Microsoft has previously said that they have a development policy that prohibits "secrets," such as API keys, credentials, or access tokens, from being included in their source code repositories.

Even if that is the case, it does not mean that there is no other valuable data included in the source code, such as private encryption keys or other proprietary tools.

It is unknown what is contained within these repositories, but as was done with previous victims, it is only a matter of time before Lapsus$ leaks whatever stolen data they claim to have obtained.
https://www.bleepingcomputer.com/news/secur...e-repositories/

TSdaisiesdontdoit92
post Mar 26 2022, 11:03 AM



Police have arrested seven teenagers due to their suspected connections with a hacking group that is believed to be the recently prolific Lapsus$ group. Jail time will be a good deterrent, especially against teenage hackers, but I wonder whether they will get away with it since they are minors. Very smart young people, if only they could use their skills on the blue side instead of the red side.
Seven teenagers arrested in connection with the Lapsus$ hacking group
https://www.theverge.com/2022/3/24/22994563...icrosoft-nvidia

This post has been edited by daisiesdontdoit92: Mar 26 2022, 11:06 AM

 
