The LAPSU$ group stole Microsoft source codes for Bing and Cortana.

The LAPSU$ group stole Microsoft source codes for Bing and Cortana.
  • According to recent rumours, Microsoft may have been the target of a cyber attack.
  • Source code for Cortana and Bing could have been stolen by the notorious LAPSU$ hacker organisation.
  • This information first came to light on Twitter, where some screenshots were shared.
  • Everything remains a big question mark, and everyone is waiting for more information.


This hack is allegedly tied to the LAPSU$ organisation, which has previously targeted large corporations such as Nvidia, Samsung, and Vodafone.

Screenshots of a Telegram discussion and what seems to be an internal folder listing of Microsoft source code repositories were shared on Twitter as proof of what happened.

According to the images above, the fraudsters downloaded the source codes for Cortana and several Bing services.


Microsoft's source code isn't protected.

UPDATE: Microsoft verifies the attack and claims that the LAPSU$ organisation has recently broadened its scope to include a huge number of business and individual targets around the world.

To acquire access to multi-factor authentication (MFA) systems and internal systems, it typically employs phone-based social engineering, SIM-swapping, and bribing employees.

Password stealers, examining public code repositories for rogue credentials, and acquiring credentials from criminal forums are some of their other techniques.

The LAPSU$ organisation stands out because, unlike most others, it tries to extract a ransom for the data it has obtained from the companies it has targeted.

LAPSU$ may have obtained the source code for Bing, Bing Maps, and Cortana from what looks to be Bing, Bing Maps, and Cortana.

At this time, it's unknown whether the attackers have downloaded the whole source code, or whether other Microsoft programmes or services are included in the dump.

Source codes can be studied for security flaws that other malevolent third parties could exploit since they may include important information.


These source codes may also contain valuable assets like as code signing certificates, access tokens, or API credentials, which can be exploited.

However, the Redmond-based software company has a development strategy in place that prohibits such products from being included.


Officials from Redmond had this to say about what had just happened: "Even though the evidence is quite compelling, there is still a lot of doubt as to what truly happened between Microsoft and LAPSU$," they said.

However, looking back and judging solely on the hacking group's track record, the purported hack seems highly likely to have occurred.

The question of whether the obtained material is valuable enough to compel Microsoft to pay a ransom for failing to disclose it on the Internet is still up for debate.

What are your thoughts on the subject? Let us know what you think in the comments area below.