Microsoft Corp is investigating whether hackers who attacked its e-mail system exploited the findings of Taiwanese researchers who were the first to alert the software company to the vulnerabilities, a person familiar with the investigation said.
DEVCORE (戴夫寇爾), a small firm based in Taipei that specializes in discovering computer security flaws, in December last year said that it had found bugs affecting Microsoft’s widely used Exchange business e-mail software.
Late last month, after Microsoft disclosed its still-secret patch to DEVCORE, attackers escalated their malicious activity on networks using Exchange servers connected to the Internet, researchers at Palo Alto Networks Inc said.
Microsoft is exploring whether intelligence it shared with partners might have triggered the attack.
The firm has focused part of its probe on understanding whether DEVCORE might have been compromised, or in some way tipped off attackers that the patch was in the pipeline, the person said on condition of anonymity.
A Microsoft spokesperson confirmed the investigation, but did not comment on whether DEVCORE’s role is under scrutiny.
“We are looking at what might have caused the spike of malicious activity and have not yet drawn any conclusions,” they said.
DEVCORE senior project manager Bowen Hsu (徐念恩) said that the company has found no signs that its security was breached.
“We had a thorough investigation among all the personal computers and devices owned by our employees, as well as our internal infrastructure and systems,” Hsu said. “There was no sign that any of those devices and our systems have been hacked.”
Some of the flaws have since been exploited by suspected Chinese state-sponsored hackers and other unknown cyberespionage groups, who have breached more than 60,000 servers worldwide in one of the largest and most damaging hacks in recent memory.
DEVCORE said its researchers discovered two security flaws in Exchange servers from Dec. 10 to Dec. 30 last year, and used them to create a proof-of-concept “exploit” that could be deployed to break into the servers and secretly access e-mails.
The company disclosed its discovery to Microsoft on Jan. 5 and Microsoft began working on a patch to fix the problem.
However, on Jan. 3 — two days before the disclosure to Microsoft — hackers began using one of the same security flaws discovered by DEVCORE to gain access to Exchange servers and steal e-mails, researchers at the Virginia-based cybersecurity firm Volexity said.
Microsoft late last month notified DEVCORE that it was nearly ready to release the security patches and that same day, there was an increase in hacker activity, security researchers at Palo Alto Networks Inc said.
The Palo Alto Networks researchers reviewed code of the malware that the hackers were using to breach the Microsoft Exchange servers and made a curious discovery: Some strains of the malware contained the password “orange.”
The researcher at DEVCORE who first found the security flaws in the Exchange servers goes by the name Orange Tsai (蔡政達).
On Twitter, Tsai pointed out that the exploit used during the attacks last month “looks the same” as the one that he created as a proof of concept, and that DEVCORE reported to Microsoft.
He said he had hard-coded the password “orange” into the malware.
The discoveries by Palo Alto Networks and Volexity alarmed researchers at DEVCORE, because the findings indicate that DEVCORE’s research had been surreptitiously obtained by the hackers, a person familiar with the matter said.
Matthieu Faou, a malware researcher at European cybersecurity company ESET, said that the hackers might have independently found the same vulnerabilities in Microsoft Exchange.
The other most likely scenario was that the hackers “somehow obtained the information from DEVCORE or from a Microsoft partner,” he added.