Microsoft confirmed the leak of source code for technologies such as Bing and Cortana by Lapsus, a cybercriminal group that had already disclosed the intrusion. The leak followed the compromise of an employee account at the company in Redmond, in the United States.

According to CanalTech, 37 GB of information was released on the internet last Sunday, the 20th. This includes 90% of the code related to Bing Maps and 45% of the elements related to Cortana and the Bing search engine.

In its official statement, Microsoft said that the employee's account was part of a software development platform (according to Lapsus, Azure DevOps).

Because of this, part of the source code of these products was accessed and released in a torrent file through a group on Telegram, which Lapsus has used to disclose new targets, recruit interested parties and leak data.

Microsoft claims that the compromise happened in a single account and does not involve customer data or sensitive files from the company itself or its partners.

Although the source code is considered confidential, the company believes that its availability should not increase the risk of attacks against its infrastructure or against those who use the technologies on a daily basis, and says its security teams acted quickly to close the unauthorized access and prevent further activity.

Also according to the publication, the information matches what Lapsus itself shared on Sunday, with the partial publication of source code for Microsoft services.

The company also said that it is tracking the group's activities and pointed to the cybercriminals' preferred focus: obtaining access credentials that allow initial intrusion into corporate networks.

The company did not comment, however, on how those responsible gained access, whether through phishing attacks, leaked databases, malware, payments to employees or other methods.

Other methods have already been used by the group in previous intrusions, such as cloning SIM cards to receive two-step authentication codes and exploiting vulnerabilities in infrastructure and software development platforms.

Once on the network, the group searches for accounts with the highest possible level of administrative access, which allow data exfiltration and access to confidential information.

Microsoft was reportedly not the only company compromised by Lapsus last weekend.

Within hours, the cybercriminal group also released a document with tens of thousands of entries belonging to LG, allegedly containing employee accounts in hash format.

In addition, screenshots of the internal systems and configuration platforms of Okta, a data security and authentication company that provides services to thousands of organizations, governments and universities around the world, were released.