cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Medusa threat actor boasts about spreading Microsoft’s Bing source code

The Medusa ransomware outfit is sharing what it claims to be the leaked source code of two of Microsoft’s Bing products — Bing Maps and Cortana.

user icon David Hollingworth
Thu, 20 Apr 2023
Medusa threat actor boasts about spreading Microsoft’s Bing source code
expand image

The post, from Medusa’s own website and shared on Twitter by Emisoft’s Brett Callow, claims that the data totals 12 gigabytes.

“I can only say that this leak is of more interest to programmers, since it contains the source codes of the following Bing products, Bing Maps and Cortana,” the post, from a Medusa member known as Robert, read.

“There are many digital signatures of Microsoft products in the leak. Many of them have not been recalled,” the post continued. “Go ahead and your software will have the same level of trust as the original Microsoft product. Tell me about your successes.”

However, Callow believes the leak may not be a new incident.

“The leak is ~12GB and likely part of the ~37GB leaked by Lapsus in 2022,” Callow said in his post.

The Lapsus$ hack occurred in March 2022, when the hacking group claimed to have stolen 32GB of data from an internal Microsoft Azure DevOps server. The group posted a screenshot at the time of the trove of data they claim to have exfiltrated, including source code from a range of Bing-related products, including Bing Maps and Cortana.

At the time of posting, Lapsus$ claimed to have 90 per cent of Bing’s source code and 45 per cent of Cortana’s. The leak also contained a range of internal documents and emails.

At the time, Microsoft downplayed the leak.

“Our investigation has found a single account had been compromised, granting limited access. Our cyber security response teams quickly engaged to remediate the compromised account and prevent further activity,” Microsoft said in a blog post detailing the incident.

“Microsoft does not rely on the secrecy of code as a security measure, and viewing source code does not lead to elevation of risk.”

Medusa is thought to be behind a ransomware attack against the Tonga Communications Corporation last year, which caused widespread disruption in the Pacific island nation.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.