TechRadar
Sead Fadilpašić

Bing and Cortana source code reportedly stolen by Medusa ransomware crew

Threat actors going by “Medusa” have posted a new database on their leak site, claiming it contains data from Microsoft including source code for Bing and Cortana. 

Found by Emsisoft researcher Brett Callow, the announcement says embedding the source code could trick antivirus products into confusing malware with Microsoft-made programs.

"This leak is of more interest to programmers, since it contains the source codes of the following Bing products, Bing Maps and Cortana," the announcement reads. "There are many digital signatures of Microsoft products in the leak. Many of them have not been recalled. Go ahead and your software will be the same level of trust as the original Microsoft product."

No confirmation

While the announcement did raise red flags all around, no threat analysts have yet confirmed the authenticity of Medusa’s claims, so the files might be bogus for all we know.

"At this point, it's unclear whether the data is what it's claimed to be," Emsisoft's Callow told The Register. "Also unclear is whether there's any connection between Medusa and Lapsus$ but, with hindsight, certain aspects of their modus operandi does have a somewhat Lapsus$ish feel."

A year ago, a threat actor called Lapsus$ announced that it had broken into Microsoft’s endpoints and stolen roughly 37GB of sensitive data, including the source code for Bing and Cortana. Soon afterward, Microsoft confirmed the breach but stated that “no customer code or data” had been taken. "Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk," the Redmond giant explained at the time.

Thus, Callow could be suggesting that the attackers were just re-leaking what was already stolen a year ago.

Medusa is a ransomware operator that rose to infamy after breaching the Minneapolis Public Schools (MPS) district and demanding $1 million in exchange for the decryption key. Given that MPS’ data was leaked to the dark web soon after, it’s safe to assume that the negotiations fell through. 

Via: The Register
