Tuesday, March 22nd 2022

Microsoft Also Falls Victim to Hacking Group LAPSUS$

The hacking group LAPSUS$, responsible for the recent NVIDIA and Samsung compromises, has now allegedly breached Microsoft systems, gaining access to the source code for Bing and Cortana. The group temporarily published a screenshot of what looked to be an internal Microsoft developer account with access to folders labeled "Bing_UX", "Bing-Source", and "Cortana", in addition to various other sections. The group had previously posted a message seeking to recruit employees at Microsoft, Apple, and IBM to get remote access to those companies' systems. Microsoft has confirmed in a statement to Motherboard that they "are aware of the claims and are investigating".

Update Mar 23rd: The hackers have now published a 9 GB torrent file which includes data from over 250 Microsoft projects, including 90% of the source code for Bing and approximately 45% of the source code for Bing Maps and Cortana, according to security researchers speaking with BleepingComputer.
Sources: Motherboard, BleepingComputer, Microsoft

45 Comments on Microsoft Also Falls Victim to Hacking Group LAPSUS$

#1
Bones
Maybe they'll be kind enough to create a proggy called "Kill Cortana" that actually works.
#2
btarunr
Editor & Senior Moderator
TF, if they could breach security of tech firms with such ease, big banks with trillions of dollars in AUM, which use third-party cybersec firms, are screwed.

I know, Evilcorp, Allsafe, Mr Robot. We are living in a meme world where all that is possible.
#3
Chaitanya
What are their demands - stop telemetry, advertisements on Windows?
#4
The King
btarunr: TF, if they could breach security of tech firms with such ease, big banks with trillions of dollars in AUM, which use third-party cybersec firms, are screwed.

I know, Evilcorp, Allsafe, Mr Robot. We are living in a meme world where all that is possible.
My feeling is that it's insider information from disgruntled ex/employees that is the biggest security threat to these companies.
#5
R-T-B
btarunr: I know, Evilcorp, Allsafe, Mr Robot. We are living in a meme world where all that is possible.
Only for companies that don't take security seriously enough.

Yes, Microsoft is one of them. Hacking isn't a magic key.
#6
mb194dc
People will always be the vulnerability, not the technology. They can be manipulated, socially engineered. Especially in a big company with potentially thousands of employees with credentials.
#7
Ferrum Master
All those products are kinda canned. Especially Cortana development. It ceased development two years ago. Microsoft is kinda conceding defeat to Amazon Alexa and Google Home. Many features are cut down and stripped.

If that is the only thing... then meh... leaks from Microsoft happen VERY often, without any hacker help.
#8
Mussels
Freshwater Moderator
btarunr: TF, if they could breach security of tech firms with such ease, big banks with trillions of dollars in AUM, which use third-party cybersec firms, are screwed.

I know, Evilcorp, Allsafe, Mr Robot. We are living in a meme world where all that is possible.
They can literally put up ads in places saying "work for big tech? We'll pay big dollars for info" and frikkin advertise that they want you to sell out


This may delve into politics but the US is a country that has lots of people in debt for various reasons, some of them get desperate and would absolutely 'open an innocent email' on a work PC for a bitcoin
#9
lexluthermiester
Uskompuf: The hacking group LAPSUS$, responsible for the recent NVIDIA and Samsung compromises, has now allegedly breached Microsoft systems, gaining access to the source code for Bing and Cortana.
I'm really starting to like these people..
Chaitanya: What are their demands - stop telemetry, advertisements on Windows?
Sure, why not! Seems reasonable.
Mussels: but the US is a country that has lots of people in debt for various reasons,
Not any more or less than anywhere else. For example, I have no debt to speak of.
#10
TheUn4seen
Oh no, so horrible! Is there a petition I can sign to give Microsoft a bunch of public money to ease their hardship?
I'm really starting to root for the likes of LAPSUS$.
#11
Vayra86
Chaitanya: What are their demands - stop telemetry, advertisements on Windows?
Bring back Windows XP
#12
Chrispy_
If Bing and Cortana die a horrible death because of this I will be very pleased.
Microsoft deserve all the bile and vitriol they've earned with those two words.
#13
zlobby
btarunr: TF, if they could breach security of tech firms with such ease, big banks with trillions of dollars in AUM, which use third-party cybersec firms, are screwed.

I know, Evilcorp, Allsafe, Mr Robot. We are living in a meme world where all that is possible.
You didn't pay enough attention to the series, I see? Even there, hackers exploited the weakest link first - humans.

You probably won't believe how easy it is to 'hack' a person. Social engineering is the greatest tool for every hacker and group.
#14
Cutechri
Bones: Maybe they'll be kind enough to create a proggy called "Kill Cortana" that actually works.
Ever heard of winget uninstall cortana? Yeah, that works.
Chrispy_: If Bing and Cortana die a horrible death because of this I will be very pleased.
Microsoft deserve all the bile and vitriol they've earned with those two words.
Being cynical. Hip with the techies, isn't it. You guys just looove to whine about every single thing. I've personally used Bing and it's not all that bad considering services like DDG also use it. But I'll give you that for Cortana, never liked her and promptly destroyed her from my machine, the only preinstalled thing I remove.
Chaitanya: What are their demands - stop telemetry, advertisements on Windows?
Want to stop telemetry, to have privacy, all that stuff? You're not safe even if you don't use Windows. Kindly unplug your ethernet cable and ditch your ISP. You're not safe even then. Tracking exists in the form of SIM cards, credit cards, and a plethora of others.

And you live in a capitalist dystopia. Like it or not, you're going to get advertisements. Personally it took me less than 30 seconds to unpin all that stuff from the start menu in Windows 11 (which isn't even installed unless you click on it - they're basically shortcuts) and replace them with my own stuff. Do consider this - some people use those.

Despite how much I paid for Windows and despite the advertisements it comes with, I can easily remove them, it does not affect performance, they do not come back after a feature update, and it's still the best OS I've ever used having tried Linux on bare metal for months. I still regret doing that to this day. Their user base still has me convinced they crawl straight out of the 10th circle of hell.

Ads in explorer, I hear you furiously typing? Those are tips and tricks to remind ignorant idiots to back up their files once in a while. Or they're promotions for MS's other products that some people might find useful. Power users can simply dismiss those. But God forbid Microsoft promotes their own products in their own OS. Apple does it too but who gives a shit about that, huh. Only when MS does anything do people huff and puff their rage out.

I've been living a much more relaxed and productive life once I stopped trying my futile attempts to block corporations tracking me. I sadly can't do anything about it, so why should I care anymore.
TheUn4seen: I'm really starting to root for the likes of LAPSUS$.
Bad idea. You don't know the ulterior motives of these pricks.

I've legitimately seen the same regurgitated thoughts about Microsoft in just about every single thread. This is comparable to the standard horde hate of Epic, for example. Yes, we get it, you have a hate boner for Microsoft. How long are you gonna go out announcing it to the world until you're satisfied, and turning threads into pointless debates?

Anyway, the time for dispelling my pent up emotions is over and I'd suggest you check out line two of my signature before you bother to reply. Who are these LAPSUS$, some new cool kids on the block? Thinking they're big shit going around hacking everyone? Well they're not impressing me. Take down the entire Fortune 500 list and we'll talk. Maybe not even then. I can never sympathize with hacker groups.
#15
lexluthermiester
Chrispy_: If Bing and Cortana die a horrible death because of this I will be very pleased.
You are FAR from alone in that opinion. Bing is a pathetic search engine. AltaVista was better 20 years ago than Bing is now. I won't start in on Cortana as I'm sure none of you want to read that rant again...
Bones: Maybe they'll be kind enough to create a proggy called "Kill Cortana" that actually works.
CCleaner has an uninstall function that works perfectly.
#16
Chrispy_
Cutechri: Being cynical. Hip with the techies, isn't it. You guys just looove to whine about every single thing. I've personally used Bing and it's not all that bad considering services like DDG also use it.
Bing works just fine. It's not as effective as Google and I don't personally like it but it does at least work and people who prefer the way Yahoo indexes the 'net over Google do still exist.

No, the hate for Bing is the way Microsoft shove it down everyone's throat relentlessly, illegally, and despite multiple efforts from users/sysadmins/developers to work around the behaviour. Bing is tied to Edge, and Edge is part of Windows whether you want it to be or not. Even with third party apps installed to quell the tide of Bing and Edge, Microsoft will ignore your efforts at some point with an update and replace your choices with Edge, Bing, remind you to use a Microsoft Account, and re-enable all the telemetry options you opted out of multiple times already.

Most of the current antitrust lawsuits against Microsoft are to do with search engine choice, browser choice, and Microsoft are currently being subpoena'd in two international jurisdictions for failure to comply with the courts.
#17
lexluthermiester
Chrispy_: Bing is tied to Edge, and Edge is part of Windows whether you want it to be or not.
Not true, Edge can be forcibly removed. Easily too!
#18
Jism
btarunr: TF, if they could breach security of tech firms with such ease, big banks with trillions of dollars in AUM, which use third-party cybersec firms, are screwed.

I know, Evilcorp, Allsafe, Mr Robot. We are living in a meme world where all that is possible.
So far this looks like a dev account from some developer, social engineering, phishing or just reckless with his or their code, that gained access.

Still doesn't prove the systems of MS itself "got" hacked. But with access to source code, you might as well look for backdoors now on Bing for example.
#19
Octavean
If it were source code for Office and Windows that might be a bit more concerning (for Microsoft) but Bing and Cortana... meh. No one cares about Bing and Cortana.
#20
ThrashZone
Hi,
Not using win-11 :eek:

Not tough to find an insider, Microsoft loves the H-1B program.
#21
windwhirl
lexluthermiester: Not true, Edge can be forcibly removed. Easily too!
Eh, we're talking more about an "uninstall Edge" button that should come with Windows, and actually uninstall Edge (or at least pull a Windows features and disable it system wide). Not something we have to dig out through PowerShell or by using a third-party application.
#22
lexluthermiester
windwhirl: Not something we have to dig out through PowerShell or by using a third-party application.
To be fair, you don't need either method. But CCleaner is the easiest.
#23
ThrashZone
Hi,
Not sure removing would matter, a large update would just reinstall missing bits, plus sfc /scannow too.
Best just to disable with regs, sadly I have a shitload of them.
I really need to combine them all one day so it's just one reg merge.
#24
lexluthermiester
ThrashZone: Not sure removing would matter, a large update would just reinstall missing bits, plus sfc /scannow too.
That's true unless you leave the folders present and use the security settings to deny "System" user and "Trusted Installer" user access to those folders.
#25
ThrashZone
Hi,
Is combining a reg as easy as select all and copy and paste over and over?