Medusa ransomware crew boasts of Microsoft Bing and Cortana code leak

The Medusa ransomware gang has put online what it claims is a massive leak of internal Microsoft materials, including Bing and Cortana source code.

“This leak is of more interest to programmers, since it contains the source codes of the following Bing products, Bing Maps and Cortana,” the crew wrote on its website, which was screenshotted and shared by Emsisoft threat analyst Brett Callow.

“There are many digital signatures of Microsoft products in the leak. Many of them have not been recalled,” the gang continued. “Go ahead and your software will be the same level of trust as the original Microsoft product.”

Obviously, this could be a dangerous level of trust to give miscreants developing malware. Below is Callow’s summary of the purported dump of source code presumably obtained or stolen somehow from Microsoft.

To be clear: we don’t know if the files are legit. Microsoft didn’t respond to The Register’s request for comment, and ransomware gangs aren’t always the most trustworthy sources of information.

“At this point, it’s unclear whether the data is what it’s claimed to be,” Emsisoft’s Callow told The Register. “Also unclear is whether there’s any connection between Medusa and Lapsus$ but, with hindsight, certain aspects of their modus operandi do have a somewhat Lapsus$ish feel.”

He’s referring to a March 2022 security breach in which Lapsus$ claimed it broke into Microsoft’s internal DevOps environment and stole, then leaked, about 37GB of information including what the extortionists claimed to be Bing and Cortana’s internal source code, and WebXT compliance engineering projects.

Microsoft later confirmed Lapsus$ had compromised its systems, and tried to downplay the intrusion by insisting “no customer code or data was involved in the observed activities.”

“Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk,” it added, which is a fair point. Software should be and can be made secure whether its source is private or open.

And Lapsus$, of course, is the possibly extinct extortion gang led by teenagers who went on a cybercrime spree last year before the arrest of its alleged ringleaders. Before that, however, it stole data from Nvidia, Samsung, Okta, and others.

It could be that Medusa is spreading around stuff that was already stolen and leaked.


Source: Medusa ransomware crew boasts of Microsoft code leak • The Register
