Cybercrime actors under the name “Medusa” posted a new database on their leak page, claiming it contained Microsoft data, including source code for Bing and Cortana.
Found by Emsisoft researcher Brett Callow, the message says that embedding source code can trick antivirus products into confusing malware with programs created by Microsoft.
“This leak is of more interest to developers because it contains source codes for the following Bing, Bing Maps, and Cortana products,” the announcement reads. “There are many digital signatures of Microsoft products in the leak. Many of them have not been withdrawn. Go ahead, your software will have the same level of trust as a genuine Microsoft product.”
No confirmation
While the announcement raised red flags around, no threat analyst has yet confirmed the authenticity of Medusa’s claims, so for all we know, the files may be fake.
“At this point, it’s unclear if the data is what it claims to be,” Emsisoft’s Callow said Register. “It’s also unclear if there is any connection between Medusa and Lapsus, but in retrospect, some aspects of their modus operandi are somewhat similar in nature to Lapsus.”
A year ago, a cybercrime group called Lapsus$ announced a breach of Microsoft endpoints (opens in a new tab) and the theft of approximately 37 GB of sensitive data, including the source code for Bing and Cortana. Soon after, Microsoft confirmed the breach but stated that “no code or customer data” had been downloaded. “Microsoft does not rely on code secrecy as a security measure, and reviewing the source code does not lead to increased risk,” the Redmond giant explained at the time.
So Callow could be suggesting that the attackers simply rediscovered what had already been stolen a year ago.
Medusa is a ransomware operator that gained notoriety after breaking into the Minneapolis Public Schools (MPS) neighborhood and demanding $1 million in exchange for a decryption key. Given that MPS data leaked onto the dark web soon after, it’s safe to assume that the negotiations failed.
By: Register (opens in a new tab)