Microsoft is looking into a potential security breach involving an extortionist hacker group. Known as LAPSUS$, the gang previously compromised Nvidia, Samsung, and Ubisoft, and a new statement suggests they have now breached the Windows 11 company’s internal systems and data.
Highlighted by Vice, a screenshot shared to a private Telegram channel suggests LAPSUS$ has gained access to an Azure DevOps account. The image specifically details source code linked to the Bing search engine and Cortana. In a statement, Microsoft confirmed that it’s “aware” of the claims and that it’s investigating the situation.
LAPSUS$ hasn’t issued any demands to Microsoft yet, but it’s known for attempting to force companies to fulfil its wishes. For example, it previous asked Nvidia to unlock its best graphics cards in an effort to enable crypto mining on GPUs with a hash rate limiter. That’s not to say the hackers aren’t interested in money, however, as it has also held data ransom and issued leak threats to its victims.
It’s worth noting that LAPSUS$ operates differently compared to typical cybercriminal groups, as it doesn’t infect targets with ransomware. Instead, it manually obtains internal data then weaponises it by way of blackmail.
A data leak is evidently bad news for Microsoft, but it also affects anyone using the company’s services. If you’ve got Windows 11 installed on a gaming PC or laptop, a source code breach could facilitate exploits and ultimately compromise the operating system’s security. That said, the hacker group’s level of access and intention isn’t exactly clear, so we might need to wait for the situation to develop before knowing how it’ll affect both the tech giant and its wide variety of customers.