The Medusa ransomware crew recently announced their alleged theft of a database containing Microsoft's source code for Bing and Cortana. The threat actors claimed to have posted this information on their leak site, sparking concerns across the tech industry.
The announcement was spotted by Emsisoft researcher Brett Callow, who said it suggested that embedding the stolen source code could trick antivirus products into mistaking malware for legitimate, Microsoft-crafted programs. According to the ransomware group, the leak holds particular interest for programmers due to the inclusion of data from various Bing products, Bing Maps, and Cortana.
The announcement also boasted numerous unrecalled digital signatures of Microsoft products. Medusa encouraged users to go ahead and use them, with the assurance that their software would achieve the same degree of trust as the original Microsoft product.
Despite the serious nature of these claims, no threat analysts have yet verified the authenticity of Medusa's announcement. Consequently, it remains unclear whether the files are genuine. Callow shared his thoughts with The Register:
"At this point, it's unclear whether the data is what it's claimed to be. Also unclear is whether there's any connection between Medusa and Lapsus$ but, with hindsight, certain aspects of their modus operandi do have a somewhat Lapsus$ish feel."
About a year ago, another threat actor named Lapsus$ claimed to have broken into Microsoft's endpoints and stolen roughly 37GB of sensitive data, including Bing and Cortana's source code. Microsoft later confirmed the breach but stated that no customer code or data had been taken. The company also emphasized that seeing source code in no way elevates security risks.
This raises the possibility that Medusa's announcement may simply be a re-release of previously stolen information. The credibility of their claims is currently uncertain, but their ransomware activities have garnered significant attention in the past. The group rocketed to infamy after breaching the Minneapolis Public Schools (MPS) district and demanding a $1 million ransom for the decryption key. Following the data leak to the dark web, it seems likely that negotiations between the MPS and Medusa were unsuccessful.