Microsoft confirms Lapsus$ breach after hackers publish Bing, Cortana source code

Carly Page

@carlypage_ / 5:33 PM GMT+2•March 23, 2022

Microsoft's Bing logo reflected on a computer keyboard.

Image Credits: Jaap Arriens / NurPhoto (opens in a new window)/ Getty Images

Microsoft has confirmed that it was breached by the Lapsus$ hacking group.

In a blog post on Tuesday — published hours after Lapsus$ posted a torrent file containing partial source code from Bing, Bing Maps and Cortana — Microsoft revealed that a single employee’s account was compromised by the hacking group, granting the attackers “limited access” to Microsoft’s systems and allowing the theft of the company’s source code.

Microsoft added that no customer code or data was compromised.

“Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity,” Microsoft said. “Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk. Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.”

Microsoft hasn’t shared any further details about how the account was compromised but provided an overview of the Lapsus$ group’s tactics, techniques and procedures, which the company’s Threat Intelligence Center , known as MSTIC, has observed across multiple attacks. Initially, these attacks targeted organizations in South America and the U.K., though Lapsus$ has since expanded to global targets, including governments and companies in the technology, telecom, media, retail and healthcare sectors.