Ransomware group claims breach at Microsoft, leaks sources codes of Cortana and Bing

After Nvidia and Samsung, notorious ransomware group Lapsus$ claims it has stolen and leaked data related to Microsoft applications such as Cortana, Bing, and Bing Maps.

In a Telegram post, the hacker group alleged, "Leak of some Bing, Bing maps and Cortana source code- Bing maps is 90% complete dump. Bing and Cortana around 45%.”

The group claims it has hacked into an Azure DevOps server and gained access to the repositories of these applications, according to a VentureBeat report.

Microsoft has not confirmed the breach of Azure DevOps servers or leak of its source codes but is reportedly looking into the claims made by the hackers. However, several security researchers believe the leaked data belongs to Microsoft.

Dumping stolen data that often includes critical information such as source codes of applications has become a trend among cybercriminals. By sharing the data partially, hacker groups are trying to pressurise companies into paying a ransom to prevent them from leaking all the data online.

Also read: Nvidia counter-hacks ransomware gang, but the group had already backed up stolen data

Over the last few months, Lapsus$ has used the same tactic on several big tech companies including Samsung, Nvidia, and Ubisoft.

In the case of Samsung, the hacker group allegedly leaked 200GB worth of confidential data that included the source code of the company’s Galaxy smartphones. According to a Bleeping Computer report, the leaked Microsoft data is worth 37GB and includes source codes of over 250 projects.

In a rare moment, Nvidia, after being targeted by Lapsus$ in mid-February, retaliated by hacking the group’s systems to prevent it from leaking the stolen data. Nvidia had earlier said that the hackers had stolen 1TB of data that included proprietary information such as source codes of DLSS rendering system and design of new GPUs.

According to a July 2021 report on the cost of data breaches by IBM Security, the average cost incurred by companies on data breaches has grown to $4.24 million per incident, up from $3.86 million in 2020. In the case of massive data breaches involving large multinational companies where over 50-65 million records were leaked, the average cost was $401 million.