Medusa ransomware crew brags about spreading Bing, Cortana supply code

The Medusa ransomware gang has put on-line what it claims is a large leak of inner Microsoft supplies, together with Bing and Cortana supply code.

“This leak is of extra curiosity to programmers, because it accommodates the supply codes of the next Bing merchandise, Bing Maps and Cortana,” the crew wrote on its web site, which was screenshotted and shared by Emsisoft risk analyst Brett Callow.

“There are lots of digital signatures of Microsoft merchandise within the leak. A lot of them haven’t been recalled,” the gang continued. “Go forward and your software program would be the identical stage of belief as the unique Microsoft product.”

Clearly, this could possibly be a harmful stage of belief to present miscreants creating malware. Under is Callow’s abstract of the purported dump of supply code presumable obtained or stolen someway from Microsoft.

#Medusa is sharing what’s claimed to be “supply codes of the next Bing merchandise, Bing Maps and Cortana.” The leak is ~12GB and sure a part of the ~37GB leaked by Lapsus in 2022. #Microsoft 1/2 pic.twitter.com/VpofBJGEcM

— Brett Callow (@BrettCallow) April 19, 2023

To be clear: we do not know if the recordsdata are legit. Microsoft did not reply to The Register‘s request for remark, and ransomware gangs aren’t at all times probably the most reliable sources of data.

“At this level, it is unclear whether or not the info is what it is claimed to be,” Emsisoft’s Callow advised The Register. “Additionally unclear is whether or not there’s any connection between Medusa and Lapsus$ however, with hindsight, sure elements of their modus operandi does have a considerably Lapsus$ish really feel.”

He is referring to a March 2022 safety breach during which Lapsus$ claimed it broke into Microsoft’s inner DevOps setting and stole, then leaked, about 37GB of data together with what the extortionists claimed to be Bing and Cortana’s inner supply code, and WebXT compliance engineering initiatives.

Microsoft later confirmed Lapsus$ had compromised its programs, and tried to downplay the intrusion by insisting “no buyer code or information was concerned within the noticed actions.”

“Microsoft doesn’t depend on the secrecy of code as a safety measure and viewing supply code doesn’t result in elevation of threat,” it added, which is a good level. Software program must be and might be made safe whether or not its supply is personal or open.

And Lapsus$, in fact, is the presumably extinct extortion gang led by youngsters who went on a cybercrime spree final yr earlier than the arrest of its alleged ringleaders. Earlier than that, nevertheless, it stole information from Nvidia, Samsung, Okta, and others.

It could possibly be that Medusa is spreading round stuff that was already stolen and leaked.

Medusa — to not be confused with MedusaLocker, that is a separate ransomware operation — made a reputation for itself earlier this yr when it listed Minneapolis Public Colleges amongst its victims. The criminals stole about 100GB of knowledge, and demanded the college district pay a $1 million ransom earlier than in the end publishing the schooling system’s delicate info.

However earlier than dumping the info, the criminals posted a video displaying them accessing employees and scholar recordsdata, which appeared to be a primary for a ransomware gang pushing an extortion enterprise. 

Medusa was the third most prolific ransomware gang in February following assaults on Minneapolis Public Colleges and 17 different organizations that very same month, in keeping with the risk hunters at DarkFeed. ®