Hacking Group Claims to Have Stolen 37 GB of Microsoft Source Code

The hacking group LAPSUS$ claims to have accessed internal Microsoft systems and stolen 37 GB of source code, including code from Bing, Cortana, and more.

“We are aware of the claims and are investigating,” a terse Microsoft statement notes of the hack.

The group posted a screenshot to its Telegram channel on Sunday morning—an edited version of which can be seen above—to prove that it had obtained access to Microsoft’s internal systems. Then, on Monday, it posted 9 GB of archive files containing over 250 Microsoft source code projects to a torrent site. LAPSUS$ claims the source code dump represents 90 percent of the source code for Bing and about 45 percent of the code for Bing Maps and Cortana. The uncompressed archives are about 37 GB in size.

Security researchers who have viewed the source code say it appears legitimate. Not helping matters, LAPSUS$ has previously successfully hacked NVIDIA, Samsung, Vodafone, Ubisoft, and Mercado Libre.

Conversation 13 comments

  • yaddamaster

    22 March, 2022 - 10:58 am

    Bing, Cortana, Bing Maps……

    So basically no damage done?

    • navarac

      22 March, 2022 - 11:21 am

      …. and destroyed all copies, please ….. :-)

    • kd5hiy

      22 March, 2022 - 6:02 pm

      Hehehe… Basically the source code for the services that everyone hates from Microsoft. I don’t care who you are, that’s funny right there.

  • simont

    Premium Member
    22 March, 2022 - 11:31 am

    This LAPSUS$ group has been hitting a lot of big names. They also hit Okta, which provides SSO services to a lot of companies, so I see Twitter is starting to wonder if they got in because stealing creds from Okta somehow.

  • wright_is

    Premium Member
    22 March, 2022 - 11:32 am

    And Okta, which is a secure authorisation service for corporate customers (2FA). They allege to have been there since Jan 21, but Okta claims there was an attempted break-in at that time at a sub-contractor, but it was contained.

    If those other companies use Okta for their security and Okta has been compromised, as is claimed, that might explain how they managed to get into those other companies (although I would expect MS to use their own Authenticator).

  • dftf

    22 March, 2022 - 12:53 pm

    These attacks are becoming a major issue.

    NVIDIA had a massive leak recently, including their code-signing certificates, meaning malware can now sign itself and pose as being an executable from NVIDIA, so Windows potentially won’t flag it.

    I wonder how long now before someone breaks into Microsoft’s Windows Update servers, or the servers Apple uses for macOS and iOS updates, or their App Store, or Google’s Play Store servers, or Samsung’s update servers, and so can send malicious code out using a method guaranteed to hit millions of devices and which wouldn’t get flagged at all?

    • lvthunder

      Premium Member
      22 March, 2022 - 2:14 pm

      According to what I saw they were expired code signing certificates that have been blocked by Windows now, but you are right. If they can break into those updating systems it’s game over.

  • harrymyhre

    Premium Member
    22 March, 2022 - 4:18 pm

    @thurrott if they stole the code to notepad, you can donate one of your notepad clones.

    Save them a lot of work recoding that one.

  • halspuppet

    22 March, 2022 - 5:26 pm

    Was trying to parse through some of the Bing source code, but kept getting pop up ads for Microsoft Editor and Longhorn Steakhouse. Where will it stop Microsoft??

    • harrymyhre

      Premium Member
      22 March, 2022 - 7:02 pm

      It won’t stop. It’s like if a guy discovered a gold mine back in the day. You think that guy is going to cover up the gold mine? No way. He writes to his buddies and tells them "I found a way to get some gold! We gonna be rich!"

  • red.radar

    Premium Member
    22 March, 2022 - 7:31 pm

    I wonder how long before they get into the cloud of some of their customers that they are hosting.

  • pherbie

    Premium Member
    22 March, 2022 - 7:49 pm

    Only 37Gb??? Given the mess that is Bing and Cortana I would expect a lot more than that. They must have only got a tiny fraction.

  • hrlngrv

    Premium Member
    23 March, 2022 - 1:25 pm

    Given the products, did MSFT give less than half a damn about securing their code? Or could a stronger case be made that ANYTHING which could be accessed from the Internet can’t be secured robustly.
