Microsoft 37GB source code leaked?

WhoCares · #1 03-22-2022, 20:48

lol

Lapsus$ hackers leak 37GB of Microsoft's alleged source code.

No URL yet

quote:

The notorious hacking group Lapsus$ appears to have successfully breached and leaked the source code for several Microsoft projects including bing, Cortana from the company's internal Azure DevOps server.

The hacktivist gang posted a screenshot to their Telegram channel early Sunday morning, March 20, claiming they hacked the software giant's internal servers that contained source code for Bing, Cortana, and various other projects. The following day, the group posted a torrent for a 9GB zipped archive containing the source code of over 250 projects allegedly belonging to Microsoft.

p4r4d0x · #2 03-22-2022, 21:03

And Vodafone is Next

DARKER · #3 03-22-2022, 21:24

Code:

https://www.bleepingcomputer.com/news/microsoft/lapsus-hackers-leak-37gb-of-microsofts-alleged-source-code/

DavidXanatos · #4 03-22-2022, 22:28

nice... but still waiting for the full windows 11 source code leak... given how anti consumer MSFT is recently it would be a well deserved one.

PS: if you need the torrent just google their telegram its there very prominently placed

WhoCares · #5 03-22-2022, 23:03

yes I found their TG. thx

magnet:?xt=urn:btih:BFCFBC5E631A309271C8773BD6781C1BD63B4387

DEV-0537 criminal actor targeting organizations for data exfiltration and destruction
https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/

Quote:

Originally Posted by DavidXanatos

nice... but still waiting for the full windows 11 source code leak... given how anti consumer MSFT is recently it would be a well deserved one.

PS: if you need the torrent just google their telegram its there very prominently placed

atom0s · #6 03-24-2022, 02:51

The group said the torrent includes:

Quote:

Leak of some Bing, Bing Maps and Cortana source code - Bing Maps is 90% complete dump, Bind and Cortana around 45%

sh3dow · #7 03-24-2022, 03:28

When these guys stop this bullshit and release the whole files? all their releases are nearly worthless, incomplete and lack the good parts. Who really care about Bing Maps and Cortana source code?

Even this leak feels it lack the good parts of Bing and Cortana
Here a Tree listing [restricted to only directories max 3 levels deep] for the curious of you
https://pastebin.com/raw/qg5Y4cia

FoxB · #8 03-24-2022, 14:08

this leak have any certificates?

Platform--Secrets-- CodeSign
Platform--private--SignPlatform
CoXDataMining--Certificate

sh3dow · #9 03-25-2022, 06:01

Quote:

Platform--Secrets-- CodeSign

Code:

`-- CodeSign
|       |-- CloudSignAadAccess.cer
|       |-- CloudSignAadAccess.pfx.qencr
|       `-- CloudSignAadKey.dat

Quote:

Platform--private--SignPlatform

No certs, probably they didn't want them to be leaked and want them for private use.

Code:

|-- private
|   |-- SignPlatform
|   |   `-- makecat.proj
|   |-- cache.config
|   |-- dirs.proj
|   `-- packages
|       |-- PacmanBranchSpecificSettings.txt
|       `-- packages.ini

Quote:

CoXDataMining--Certificate

Code:

|-- CoXDataMining
|   |-- Certificate
|   |   |-- TestCertificate.ps1
|   |   |-- coxreporting.phx.gbl.cer
|   |   |-- coxreporting.phx.gbl.pfx
|   |   `-- privateKeyPassword.txt

and similar folder

Code:

|-- CoXDataMining\ (1)
|   |-- Certificate
|   |   |-- TestCertificate.ps1
|   |   |-- coxreporting.phx.gbl.cer
|   |   |-- coxreporting.phx.gbl.pfx
|   |   `-- privateKeyPassword.txt

The full tree listing are here, it's to big to paste in pastebin (20mb)
It contains the whole hierarchy of folders and files in the leak
hxxps://www.mediafire.com/file/1wfezr4fseq10g3/MS-leak-full-tree.txt/file

WhoCares · #10 03-25-2022, 11:01

British police say seven people arrested following series of hacks by Lapsus$ group

JMP-JECXZ · #11 03-25-2022, 22:50

7 teenagers have been arrested in connection to LAPSUS$
https://www.bbc.co.uk/news/technology-60864283

bolo2002 · #12 03-26-2022, 00:18

"...The boy's father told the BBC his family was concerned and was trying to keep him away from his computers..."
but it's the same for every father,mother since decades

atom0s · #13 03-26-2022, 03:13

The group put out a message on their Telegram this morning. Looks like the people arrested are potentially all fakes claiming to be part of the group but actually aren't. Hard to say if it's entirely true for all of them arrested, but their message leans that way:

Code:

https://i.imgur.com/wYcStn4.png

Bidasci · #14 05-30-2022, 06:49

don't know if people still want to download this but I downloaded the leak when it was first made available, I split the folder into two parts and the download can be viewed here:

Code:

hxxps://filecrypt.cc/Container/72EAA69F33.html

Full folder directory can be viewed here as well:

Code:

hxxps://cpaste.org/?a22ceffb98bc26a5#7eQ9tfZkyNxX7qpGSAhv8JyXXRS1uBgWHTJFeSLtni8y

SHA-256 Checksum of part1 & part2 rar's:

Code:

Name: Microsoft Source Code Leak 2022.part01.rar 
SHA256: 0A592C6EEC0DE884853814F78D6A88AA5145AE21C15FF1AFE06DF3DBACFE9064
Name: Microsoft Source Code Leak 2022.part02.rar
SHA256: AF6B354004FCCFEEFB07D43D132DF313A3646F4B2874AB2A77ADB056DD58BB34

Shub-Nigurrath · #15 05-30-2022, 18:56

rather than downloading, I am wondering which types of conclusions, pieces of evidence or gems people found inside. It's a mess of code and I imagine a lot of ppl already dug inside .. A discussion on this would be interesting!

thanks

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

The Following User Says Thank You to WhoCares For This Useful Post:
sh3dow (03-24-2022)

The Following User Says Thank You to DavidXanatos For This Useful Post:
sh3dow (03-24-2022)

The Following User Says Thank You to sh3dow For This Useful Post:
Stingered (03-24-2022)

The Following User Says Thank You to sh3dow For This Useful Post:
niculaita (03-25-2022)