The hacking group LAPSUS$ claims to have accessed internal Microsoft systems and stolen 37 GB of source code, including code from Bing, Cortana, and more.
“We are aware of the claims and are investigating,” a terse Microsoft statement notes of the hack.
Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!
"*" indicates required fields
The group posted a screenshot to its Telegram channel on Sunday morning—an edited version of which can be seen above—to prove that it had obtained access to Microsoft’s internal systems. Then, on Monday, it posted 9 GB of archives files containing over 250 Microsoft source code projects to a torrent site. LAPSUS$ claims the source code dump represents 90 percent of the source code for Bing and about 45 percent of the code for Bing Maps and Cortana. The uncompressed archives are about 37 GB in size.
Security researchers who have viewed the source code say it appears legitimate. Not helping matters, LAPSUS$ has previously successfully hacked NVIDIA, Samsung, Vodafone, Ubisoft, and Mercado Libre.
dftf
<p>These attacks are becoming a major issue.</p><p><br></p><p>NVIDIA had a massive leak recently, including their code-signing certificates, meaning malware can now sign itself and pose as being an executable from NVIDIA, so <em>Windows</em> potentially won’t flag it.</p><p><br></p><p>I wonder how-long now before someone breaks-into Microsoft’s <em>Windows Update </em>servers, or the servers <em>Apple </em>uses for macOS and iOS updates, or their <em>App Store</em>, or <em>Google’s Play Store</em> servers, or <em>Samsung’s </em>update servers, and so can send malicious code out using a method guaranteed to hit millions of devices and which wouldn’t get flagged at-all?</p>