Microsoft Corp is investigating whether hackers who attacked its e-mail system exploited the findings of Taiwanese researchers who were the first to alert the software company to the vulnerabilities, a person familiar with the investigation said.
DEVCORE (戴夫寇爾), a small firm based in Taipei that specializes in discovering computer security flaws, in December last year said that it had found bugs affecting Microsoft’s widely used Exchange business e-mail software.
Late last month, after Microsoft disclosed its still-secret patch to DEVCORE, attackers escalated their malicious activity on networks using Exchange servers connected to the Internet, researchers at Palo Alto Networks Inc said.
Microsoft is exploring whether intelligence it shared with partners might have triggered the attack.
The firm has focused part of its probe on understanding whether DEVCORE might have been compromised, or in some way tipped off attackers that the patch was in the pipeline, the person said on condition of anonymity.
A Microsoft spokesperson confirmed the investigation, but did not comment on whether DEVCORE’s role is under scrutiny.
“We are looking at what might have caused the spike of malicious activity and have not yet drawn any conclusions,” they said.
DEVCORE senior project manager Bowen Hsu (徐念恩) said that the company has found no signs that its security was breached.
“We had a thorough investigation among all the personal computers and devices owned by our employees, as well as our internal infrastructure and systems,” Hsu said. “There was no sign that any of those devices and our systems have been hacked.”
Some of the flaws have since been exploited by suspected Chinese state-sponsored hackers and other unknown cyberespionage groups, who have breached more than 60,000 servers worldwide in one of the largest and most damaging hacks in recent memory.
DEVCORE said its researchers discovered two security flaws in Exchange servers from Dec. 10 to Dec. 30 last year, and used them to create a proof-of-concept “exploit” that could be deployed to break into the servers and secretly access e-mails.
The company disclosed its discovery to Microsoft on Jan. 5 and Microsoft began working on a patch to fix the problem.
However, on Jan. 3 — two days before the disclosure to Microsoft — hackers began using one of the same security flaws discovered by DEVCORE to gain access to Exchange servers and steal e-mails, researchers at the Virginia-based cybersecurity firm Volexity said.
Microsoft late last month notified DEVCORE that it was nearly ready to release the security patches and that same day, there was an increase in hacker activity, security researchers at Palo Alto Networks Inc said.
The Palo Alto Networks researchers reviewed code of the malware that the hackers were using to breach the Microsoft Exchange servers and made a curious discovery: Some strains of the malware contained the password “orange.”
The researcher at DEVCORE who first found the security flaws in the Exchange servers goes by the name Orange Tsai (蔡政達).
On Twitter, Tsai pointed out that the exploit used during the attacks last month “looks the same” as the one that he created as a proof of concept, and that DEVCORE reported to Microsoft.
He said he had hard-coded the password “orange” into the malware.
The discoveries by Palo Alto Networks and Volexity alarmed researchers at DEVCORE, because the findings indicate that DEVCORE’s research had been surreptitiously obtained by the hackers, a person familiar with the matter said.
Matthieu Faou, a malware researcher at European cybersecurity company ESET, said that the hackers might have independently found the same vulnerabilities in Microsoft Exchange.
The other most likely scenario was that the hackers “somehow obtained the information from DEVCORE or from a Microsoft partner,” he added.