Bing and Cortana source code reportedly stolen by Medusa ransomware crew
But are they just re-leaking already leaked code?
Threat actors going by “Medusa” have posted a new database on their leak site, claiming it contains data from Microsoft including source code for Bing and Cortana.
Found by Emsisoft researcher Brett Callow, the announcement says embedding the source code could trick antivirus products into confusing malware with Microsoft-made programs.
“This leak is of more interest to programmers, since it contains the source codes of the following Bing products, Bing Maps and Cortana,” the announcement reads. “There are many digital signatures of Microsoft products in the leak. Many of them have not been recalled. Go ahead and your software will be the same level of trust as the original Microsoft product.”
No confirmation
While the announcement did raise red flags all around, no threat analysts have yet confirmed the authenticity of Medusa’s claims, so the files might be bogus for all we know.
“At this point, it’s unclear whether the data is what it’s claimed to be,” Emsisoft’s Callow told The Register. “Also unclear is whether there’s any connection between Medusa and Lapsus$ but, with hindsight, certain aspects of their modus operandi does have a somewhat Lapsus$ish feel.”
A year ago, a threat actor called Lapsus$ announced that it had broken into Microsoft’s endpoints and stolen roughly 37GB of sensitive data, including the source code for Bing and Cortana. Soon afterward, Microsoft confirmed the breach but stated that “no customer code or data” had been taken. “Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk,” the Redmond giant explained at the time.
Thus, Callow could be suggesting that the attackers were just re-leaking what was already stolen a year ago.
Medusa is a ransomware operator that rose to infamy after breaching the Minneapolis Public Schools (MPS) district and demanding $1 million in exchange for the decryption key. Given that MPS’ data was leaked to the dark web soon after, it’s safe to assume that the negotiations fell through.
Via: The Register
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.