Hacking Group Claims to Have Stolen 37 GB of Microsoft Source Code

Posted on March 22, 2022 by Paul Thurrott in Microsoft with 13 Comments

The hacking group LAPSUS$ claims to have accessed internal Microsoft systems and stolen 37 GB of source code, including code from Bing, Cortana, and more.

“We are aware of the claims and are investigating,” a terse Microsoft statement notes of the hack.

The group posted a screenshot to its Telegram channel on Sunday morning—an edited version of which can be seen above—to prove that it had obtained access to Microsoft’s internal systems. Then, on Monday, it posted 9 GB of archive files containing over 250 Microsoft source code projects to a torrent site. LAPSUS$ claims the source code dump represents 90 percent of the source code for Bing and about 45 percent of the code for Bing Maps and Cortana. The uncompressed archives are about 37 GB in size.

Security researchers who have viewed the source code say it appears legitimate. Not helping matters, LAPSUS$ has previously successfully hacked NVIDIA, Samsung, Vodafone, Ubisoft, and Mercado Libre.


13 responses to “Hacking Group Claims to Have Stolen 37 GB of Microsoft Source Code”

  1. yaddamaster

    Bing, Cortana, Bing Maps......


    So basically no damage done?

  2. simont

    This LAPSUS$ group has been hitting a lot of big names. They also hit Okta, which provides SSO services to a lot of companies, so I see Twitter is starting to wonder if they got in by stealing creds from Okta somehow.

  3. wright_is

    And Okta, which is a secure authorisation service for corporate customers (2FA). They allege to have been there since Jan 21, but Okta claims there was an attempted break-in at that time at a sub-contractor, but it was contained.


    If those other companies use Okta for their security and Okta has been compromised, as is claimed, that might explain how they managed to get into those other companies (although I would expect MS to use their own Authenticator).

  4. dftf

    These attacks are becoming a major issue.


    NVIDIA had a massive leak recently, including their code-signing certificates, meaning malware can now sign itself and pose as being an executable from NVIDIA, so Windows potentially won't flag it.


    I wonder how long now before someone breaks into Microsoft's Windows Update servers, or the servers Apple uses for macOS and iOS updates, or their App Store, or Google's Play Store servers, or Samsung's update servers, and so can send malicious code out using a method guaranteed to hit millions of devices and which wouldn't get flagged at all?

    • lvthunder

      According to what I saw they were expired code signing certificates that have been blocked by Windows now, but you are right. If they can break into those updating systems it's game over.

  5. harrymyhre

    @thurrott if they stole the code to notepad, you can donate one of your notepad clones.

    Save them a lot of work recoding that one.

  6. halspuppet

    Was trying to parse through some of the Bing source code, but kept getting pop up ads for Microsoft Editor and Longhorn Steakhouse. Where will it stop Microsoft??

    • harrymyhre

      It won't stop. It's like if a guy discovered a gold mine back in the day. You think that guy is going to cover up the gold mine? No way. He writes to his buddies and tells them "I found a way to get some gold! We gonna be rich!"


  7. red.radar

    I wonder how long before they get into the cloud of some of their customers that they are hosting.

  8. pherbie

    Only 37Gb??? Given the mess that is Bing and Cortana I would expect a lot more than that. They must have only got a tiny fraction.

  9. hrlngrv

    Given the products, did MSFT give less than half a damn about securing their code? Or could a stronger case be made that ANYTHING which could be accessed from the Internet can't be secured robustly?
