LAPSUS$ Strikes Again As Hackers Seem To Have Targeted Microsoft’s DevOps Platform

A ransomware gang known as LAPSUS$ has recently hit a number of big-name targets, including NVIDIA, Samsung, and Ubisoft, and the group may have now added Microsoft to that list. LAPSUS$ made waves at the end of February when news broke that NVIDIA had been hit by a cyber-attack. In an unexpected twist, LAPSUS$ claimed responsibility for the attack, but also claimed that NVIDIA retaliated by hitting the group back with ransomware. A short time later, DLSS source code leaked online and NVIDIA confirmed that LAPSUS$ stole intellectual property.

LAPSUS$ then followed up the NVIDIA attack by stealing Samsung source code, which the company has since confirmed. LAPSUS$ has leaked 204GB of Samsung data and 20GB of NVIDIA data, but claims to possess 1TB of NVIDIA data. The 20GB of NVIDIA data that has been leaked includes employee information, as well as two of NVIDIA’s code signing certificates, which bad actors are currently using to sign malware and bypass Windows protections.

It remains to be seen whether LAPSUS$ really does possess additional NVIDIA data. The group originally set March 4 as the date on which it would release its full 1TB trove if NVIDIA didn’t comply with the ransomware group’s demands to make all future graphics drivers open source. However, over two weeks have passed since then and LAPSUS$ has still not made additional data available for download. The group has ended multiple Telegram posts by asking people to give them time and even said that repeatedly asking about additional NVIDIA data will result in a ban. 

Telegram post by LAPSUS$

Just as it is unclear whether LAPSUS$ really has 1TB of NVIDIA data, it is now unclear whether LAPSUS$ has Microsoft data. Yesterday, the ransomware group posted an image on Telegram of what appears to be Microsoft’s internal DevOps platform, which was spotted by a cybersecurity researcher on Twitter. This image would lead people to believe that LAPSUS$ somehow gained access to proprietary Microsoft source code.

However, LAPSUS$ later deleted the image from its Telegram channel and posted an update, saying that the image has been deleted for now, but will be reposted later. LAPSUS$ has been silent since then, so we’ll have to wait and see if additional information comes out about the suspected Microsoft breach.