Hackers leak 37GB of Microsoft source code

Posted on Monday night by the Lapsus$ hacking group, a torrent of a 9-gigabyte zip archive was made available to download. The 7zip archive was said to contain over 250 internal projects acquired from Microsoft.

The data was allegedly sourced from Microsoft's Azure DevOps server, a Telegram channel screenshot released by the group on Sunday and seen by BleepingComputer depicted. The source code in the projects covered a range of high-profile and internal projects, including code relating to Bing search, Bing Maps, and the Cortana virtual assistant.

Security researchers told the report the uncompressed 37-gigabyte collection does appear to include legitimate Microsoft source code. Some of the projects also included emails and documentation meant for Microsoft engineers to publish apps.

However, it seems that the code doesn't apply to locally-run desktop software like Windows or Microsoft Office, with it largely consisting of infrastructure, websites, and mobile app code.

Microsoft says it is aware of the the claims by the group, and is actively investigating the alleged intrusion and leak.

The massive data leak is the latest from Lapsus$, which has gained notoriety in a short space of time by acquiring and leaking vast amounts of data from large tech companies. Such incidents include 190 gigabytes of data leaked in early March from Samsung, as well as other attacks against Mercado Libre, Nvidia, Ubisoft, and Vodafone.

With attacks mostly targeting source code stores, one theory is that the hackers are gaining access through an internal source. The group has previously attempted to recruit employees of targeted companies, to effectively buy access onto corporate networks.