Microsoft's digital signatures will allow cybercriminals to gain invulnerability to security measures.
The Medusa ransomware gang has leaked the source code of Microsoft Bing, Bing Maps and Cortana online, and stated this on their website:
“This leak is of more interest to programmers because it contains the source code for Bing, Bing Maps and Cortana products. There are many digital signatures of Microsoft products in the leak. Many of them have not been withdrawn. Go ahead and your software will have the same level of trust as the original Microsoft product,” the hackers wrote on their website.
The message of the cybercriminals was published by Emsisoft Threat Analyst Brett Callow on his Twitter*. According to the specialist, the leak is about 12 GB and is part of the 37 GB stolen by the Lapsus group in 2022. Microsoft did not provide any comments on the leak, so the authenticity of the words of the hackers has not been confirmed.
According to Callow, it's not clear if there is any connection between Medusa and Lapsus$, but some aspects of the modus operandi (sacrifices, tools, etc.) do resemble Lapsus$. This refers to an incident in March 2022, when Lapsus$ hackers claimed to have hacked into the internal Microsoft Azure DevOps environment and stole about 37 GB of information, including Bing and Cortana internal source code, as well as WebXT compliance engineering projects.