• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Microsoft Also Falls Victim to Hacking Group LAPSUS$

Joined
Mar 31, 2020
Messages
1,519 (0.82/day)
The hacking group LAPSUS$ responsible for the recent NVIDIA and Samsung compromises has now allegedly breached Microsoft systems gaining access to the source code for Bing and Cortana. The group temporarily published a screenshot of what looked to be an internal Microsoft developer account with access to folders labeled "Bing_UX", "Bing-Source", and "Cortana" in addition to various other sections. The group had previously posted a message seeking to recruit employees at Microsoft, Apple, and IBM to get remote access to companies systems. Microsoft has confirmed in a statement to Motherboard that they "are aware of the claims and are investigating".

Update Mar 23rd: The hackers have now published a 9 GB torrent file which includes data from over 250 Microsoft projects including 90% of the source code for Bing, and approximately 45% of the source code for Bing Maps and Cortana according to security researchers speaking with BleepingComputer.



View at TechPowerUp Main Site | Source
 
Maybe they'll be kind enough to create a proggy called "Kill Cortana" that actually works.
 
TF, if they could breach security of tech firms with such ease, big banks with trillions of dollars in AUM, which use third-party cybersec firms, are screwed.

I know, Evilcorp, Allsafe, Mr Robot. We are living in a meme world where all that is possible.
 
TF, if they could breach security of tech firms with such ease, big banks with trillions of dollars in AUM, which use third-party cybersec firms, are screwed.

I know, Evilcorp, Allsafe, Mr Robot. We are living in a meme world where all that is possible.
My feeling is that it's insider information from disgruntled ex/employees that is the biggest security threat to these Companies
 
Last edited:
I know, Evilcorp, Allsafe, Mr Robot. We are living in a meme world where all that is possible.
Only for companies that don't take security seriously enough.

Yes, Microsoft is one of them. Hacking isn't a magic key.
 
All those products are kinda canned. Especially Cortana development. It ceased to develop for two years ago. Microsoft kinda agreeing defeat with Amazon Alexa and Google Home. Many features are cut down and stripped.

If that is the only thing... then meh... leaks from Microsoft happen VERY often, without any hacker help.
 
TF, if they could breach security of tech firms with such ease, big banks with trillions of dollars in AUM, which use third-party cybersec firms, are screwed.

I know, Evilcorp, Allsafe, Mr Robot. We are living in a meme world where all that is possible.
They can literally put up ads in places saying "work for big tech? We'll pay big dollars for info" and frikkin advertise that they want you to sell out


This may delve into politics but the US is a country that has lots of people in debt for various reasons, some of them get desperate and would absolutely 'open an innocent email' on a work PC for a bitcoin
 
The hacking group LAPSUS$ responsible for the recent NVIDIA and Samsung compromises has now allegedly breached Microsoft systems gaining access to the source code for Bing and Cortana.
I'm really starting to like these people..
Whats their demands- stop telemetery, advertisements on windows?
Sure, why not! Seems reasonable.
but the US is a country that has lots of people in debt for various reasons,
Not any more or less than anywhere else. For example, I have no debt to speak of.
 
Oh no, so horrible! Is there a petition I can sign to give Microsoft a bunch of public money to ease their hardship?
I'm really starting to root for the likes of LAPSUS$.
 
If Bing and Cortana die a horrible death because of this I will be very pleased.
Microsoft deserve all the bile and vitriol they've earned with those two words.
 
TF, if they could breach security of tech firms with such ease, big banks with trillions of dollars in AUM, which use third-party cybersec firms, are screwed.

I know, Evilcorp, Allsafe, Mr Robot. We are living in a meme world where all that is possible.
You didn't pay enough attention to the series, I see? Even there, hackers exploited the weakest link first - humans.

You probably won't believe how easy is to 'hack' a person. Social engineering is the greatest tool for every hacker and group.
 
Maybe they'll be kind enough to create a proggy called "Kill Cortana" that actually works.
Ever heard of winget uninstall cortana? Yeah, that works.

If Bing and Cortana die a horrible death because of this I will be very pleased.
Microsoft deserve all the bile and vitriol they've earned with those two words.
Being cynical. Hip with the techies, isn't it. You guys just looove to whine about every single thing. I've personally used Bing and it's not all that bad considering services like DDG also use it. But I'll give you that for Cortana, never liked her and promptly destroyed her from my machine, the only preinstalled thing I remove.

Whats their demands- stop telemetery, advertisements on windows?
Want to stop telemetry, to have privacy, all that stuff? You're not safe even if you don't use Windows. Kindly unplug your ethernet cable and ditch your ISP. You're not safe even then. Tracking exists in the form of SIM cards, credit cards, and a plethora of others.

And you live in a capitalist dystopia. Like it or not, you're going to get advertisements. Personally it took me less than 30 seconds to unpin all that stuff from the start menu in Windows 11 (which isn't even installed unless you click on it - they're basically shortcuts) and replace them with my own stuff. Do consider this - some people use those.

Despite how much I paid for Windows and despite the advertisements it comes with, I can easily remove them, it does not affect performance, they do not come back after a feature update, and it's still the best OS I've ever used having tried Linux on bare metal for months. I still regret doing that to this day. Their user base still has me convinced they crawl straight out of the 10th circle of hell.

Ads in explorer, I hear you furiously typing? Those are tips and tricks to remind ignorant idiots to back up their files once in a while. Or they're promotions for MS's other products that some people might find useful. Power users can simply dismiss those. But God forbid Microsoft promotes their own products in their own OS. Apple does it too but who gives a shit about that, huh. Only when MS does anything do people huff and puff their rage out.

I've been living a much more relaxed and productive life once I stopped trying my futile attempts to block corporations tracking me. I sadly can't do anything about it, so why should I care anymore.

I'm really starting to root for the likes of LAPSUS$.
Bad idea. You don't know the ulterior motives of these pricks.

I've legitimately seen the same regurgitated thoughts about Microsoft in just about every single thread. This is comparative to the standard horde hate of Epic, for example. Yes, we get it, you have a hate boner for Microsoft. How long are you gonna go out announcing it to the world until you're satisfied, and turning threads into pointless debates?

Anyway, the time for dispelling my pent up emotions is over and I'd suggest you check out line two of my signature before you bother to reply. Who are these LAPSUS$, some new cool kids on the block? Thinking they're big shit going around hacking everyone? Well they're not impressing me. Take down the entire Fortune 500 list and we'll talk. Maybe not even then. I can never sympathize with hacker groups.
 
Last edited:
If Bing and Cortana die a horrible death because of this I will be very pleased.
You are FAR from alone in that opinion. Bing is a pathetic search engine. AltaVista was better 20 years ago than Bing is now. I won't start in on Cortana as I'm sure none of you want to read that rant again...

Maybe they'll be kind enough to create a proggy called "Kill Cortana" that actually works.
CCleaner has an uninstall function that work perfectly.
 
Being cynical. Hip with the techies, isn't it. You guys just looove to whine about every single thing. I've personally used Bing and it's not all that bad considering services like DDG also use it.
Bing works just fine. It's not as effective as Google and I don't personally like it but it does at least work and people who prefer the way Yahoo indexes the 'net over Google do still exist.

No, the hate for Bing is the way Microsoft shove it down everyone's throat relentlessly, illegally, and despite multiple efforts from users/sysadmins/developers to workaround the behaviour. Bing is tied to Edge, and Edge is part of windows whether you want it to be or not. Even with third party apps installed to quell the tide of Bing and Edge, Microsoft will ignore your efforts at some point with an update and replace your choices with Edge, Bing, remind you to use a Microsoft Account, and re-enable all the telemetry options you opted out of multiple times already.

Most of the current antitrust lawsuits against Microsoft are to do with search engine choice, browser choice, and Microsoft are currently being subpoena'd in two international jurisdictions for failure to comply with the courts.
 
TF, if they could breach security of tech firms with such ease, big banks with trillions of dollars in AUM, which use third-party cybersec firms, are screwed.

I know, Evilcorp, Allsafe, Mr Robot. We are living in a meme world where all that is possible.

So far this looks like a dev account from some developer, social engineering, phishing or just reckless with his or their code, that gained access.

Still does'nt prove the systems of MS itself "got" hacked. But with access to source code, you might as well look for backdoors now on Bing for example.
 
If it were source code for Office and Windows that might be a bit more concerning (for Microsoft) but Bing and Cortana,….meh. No one cares about Bing and Cortana.
 
Hi,
Not using win-11 :eek:

Not tough to find a insider microsoft loves the h-b1 program.
 
Not true, Edge can be forcibly removed. Easily too!
Eh, we're talking more about a "uninstall Edge" button that should come with Windows, and actually uninstall Edge (or at least pull a Windows features and disable it system wide). Not something we have to dig out through PowerShell or by using a third-party application.
 
Hi,
Not sure removing would matter a large update would just reinstall missing bits plus sfc/ scannow too
Best just to disable with reg's sadly I have a shitload of them
I really need to combine them all one day so it's just one reg merge.
 
Not sure removing would matter a large update would just reinstall missing bits plus sfc/ scannow too
That's true unless you leave the folders present and use the security settings to deny "System" user and "Trusted Installer" user access to those folders.
 
Last edited:
Back
Top