Microsoft Corp is investigating whether hackers who attacked its e-mail system exploited the findings of Taiwanese researchers who were the first to alert the software company to the vulnerabilities, a person familiar with the investigation said.
DEVCORE (戴夫寇爾), a small firm based in Taipei that specializes in discovering computer security flaws, in December last year said that it had found bugs affecting Microsoft’s widely used Exchange business e-mail software.
Late last month, after Microsoft disclosed its still secret patch to DEVCORE, attackers escalated their malicious activity on networks using Exchange servers connected to the Internet, researchers at Palo Alto Networks Inc said.
Microsoft is exploring whether intelligence it shared with partners might have triggered the attack.
The firm has focused part of its probe on understanding whether DEVCORE might have been compromised, or in some way tipped off attackers that the patch was in the pipeline, the person said on condition of anonymity.
A Microsoft spokesperson confirmed the investigation, but did not comment on whether DEVCORE’s role is under scrutiny.
“We are looking at what might have caused the spike of malicious activity and have not yet drawn any conclusions,” they said.
DEVCORE senior project manager Bowen Hsu (徐念恩) said that the company has found no signs that its security was breached.
“We had a thorough investigation among all the personal computers and devices owned by our employees, as well as our internal infrastructure and systems,” Hsu said. “There was no sign that any of those devices and our systems have been hacked.”
Some of the flaws have since been exploited by suspected Chinese state-sponsored hackers and other unknown cyberespionage groups, who have breached more than 60,000 servers worldwide in one of the largest and most damaging hacks in recent memory.
DEVCORE said its researchers discovered two security flaws in Exchange servers from Dec. 10 to Dec. 30 last year, and used them to create a proof-of-concept “exploit” that could be deployed to break into the servers and secretly access e-mails.
The company disclosed its discovery to Microsoft on Jan. 5 and Microsoft began working on a patch to fix the problem.
However, on Jan. 3 — two days before the disclosure to Microsoft — hackers began using one of the same security flaws discovered by DEVCORE to gain access to Exchange servers and steal e-mails, researchers at the Virginia-based cybersecurity firm Volexity said.
Microsoft late last month notified DEVCORE that it was nearly ready to release the security patches and that same day, there was an increase in hacker activity, security researchers at Palo Alto Networks Inc said.
The Palo Alto Networks researchers reviewed code of the malware that the hackers were using to breach the Microsoft Exchange servers and made a curious discovery: Some strains of the malware contained the password “orange.”
The researcher at DEVCORE who first found the security flaws in the Exchange servers goes by the name Orange Tsai (蔡政達).
On Twitter, Tsai pointed out that the exploit used during the attacks last month “looks the same” as the one that he created as a proof of concept, and that DEVCORE reported to Microsoft.
He said he had hard-coded the password “orange” into the malware.
The discoveries by Palo Alto Networks and Volexity alarmed researchers at DEVCORE, because the findings indicate that DEVCORE’s research had been surreptitiously obtained by the hackers, a person familiar with the matter said.
Matthieu Faou, a malware researcher at European cybersecurity company ESET, said that the hackers might have independently found the same vulnerabilities in Microsoft Exchange.
The other most likely scenario was that the hackers “somehow obtained the information from DEVCORE or from a Microsoft partner,” he added.