Microsoft Corp is investigating whether hackers who attacked its e-mail system exploited the findings of Taiwanese researchers who were the first to alert the software company to the vulnerabilities, a person familiar with the investigation said.
DEVCORE (戴夫寇爾), a small firm based in Taipei that specializes in discovering computer security flaws, in December last year said that it had found bugs affecting Microsoft’s widely used Exchange business e-mail software.
Late last month, after Microsoft disclosed its still-secret patch to DEVCORE, attackers escalated their malicious activity on networks using Exchange servers connected to the Internet, researchers at Palo Alto Networks Inc said.
Microsoft is exploring whether intelligence it shared with partners might have triggered the attack.
The firm has focused part of its probe on understanding whether DEVCORE might have been compromised, or in some way tipped off attackers that the patch was in the pipeline, the person said on condition of anonymity.
A Microsoft spokesperson confirmed the investigation, but did not comment on whether DEVCORE’s role is under scrutiny.
“We are looking at what might have caused the spike of malicious activity and have not yet drawn any conclusions,” they said.
DEVCORE senior project manager Bowen Hsu (徐念恩) said that the company has found no signs that its security was breached.
“We had a thorough investigation among all the personal computers and devices owned by our employees, as well as our internal infrastructure and systems,” Hsu said. “There was no sign that any of those devices and our systems have been hacked.”
Some of the flaws have since been exploited by suspected Chinese state-sponsored hackers and other unknown cyberespionage groups, who have breached more than 60,000 servers worldwide in one of the largest and most damaging hacks in recent memory.
DEVCORE said its researchers discovered two security flaws in Exchange servers from Dec. 10 to Dec. 30 last year, and used them to create a proof-of-concept “exploit” that could be deployed to break into the servers and secretly access e-mails.
The company disclosed its discovery to Microsoft on Jan. 5 and Microsoft began working on a patch to fix the problem.
However, on Jan. 3 — two days before the disclosure to Microsoft — hackers began using one of the same security flaws discovered by DEVCORE to gain access to Exchange servers and steal e-mails, researchers at the Virginia-based cybersecurity firm Volexity said.
Microsoft late last month notified DEVCORE that it was nearly ready to release the security patches and that same day, there was an increase in hacker activity, security researchers at Palo Alto Networks Inc said.
The Palo Alto Networks researchers reviewed code of the malware that the hackers were using to breach the Microsoft Exchange servers and made a curious discovery: Some strains of the malware contained the password “orange.”
The researcher at DEVCORE who first found the security flaws in the Exchange servers goes by the name Orange Tsai (蔡政達).
On Twitter, Tsai pointed out that the exploit used during the attacks last month “looks the same” as the one that he created as a proof of concept, and that DEVCORE reported to Microsoft.
He said he had hard-coded the password “orange” into the malware.
The discoveries by Palo Alto Networks and Volexity alarmed researchers at DEVCORE, because the findings indicate that DEVCORE’s research had been surreptitiously obtained by the hackers, a person familiar with the matter said.
Matthieu Faou, a malware researcher at European cybersecurity company ESET, said that the hackers might have independently found the same vulnerabilities in Microsoft Exchange.
The other most likely scenario was that the hackers “somehow obtained the information from DEVCORE or from a Microsoft partner,” he added.