Lapsus$ is not really interested in deploying ransomware on their victim's devices but targets source code repositories for large companies, steals proprietary data, and then attempt to ransom that data back to the company for millions of dollars.

Lapsus has gained notoriety over the past months for their confirmed attacks against NVIDIA, Samsung, Vodafone, Ubisoft, and Mercado Libre. Lapsus$ is pretty good at what it does, its claims of attacks on other companies later prove to be true.

Vole claims that leaked source code does not create an elevation of risk. Microsoft says that their threat model assumes that threat actors already understand how their software works, whether through reverse engineering or previous source code leaks.

However, Vole apparently has “inner source approach” and uses open source software development best practices and an open source-like culture -- to making source code viewable within Microsoft.

This rules out a dependence on source code secrecy for product security of products and assumes that attackers know Microsoft source code.

Source code repositories also commonly contain access tokens, credentials, API keys, and even code signing certificates.

However, Microsoft is checking the claims with its inner source and presumably will be holding a few crystals as it does so.