Microsoft Corp is investigating whether hackers who attacked its e-mail system exploited the findings of Taiwanese researchers who were the first to alert the software company to the vulnerabilities, a person familiar with the investigation said.
DEVCORE (戴夫寇爾), a small firm based in Taipei that specializes in discovering computer security flaws, in December last year said that it had found bugs affecting Microsoft’s widely used Exchange business e-mail software.
Late last month, after Microsoft disclosed its still-secret patch to DEVCORE, attackers escalated their malicious activity on networks using Exchange servers connected to the Internet, researchers at Palo Alto Networks Inc said.
Microsoft is exploring whether intelligence it shared with partners might have triggered the attack.
The firm has focused part of its probe on understanding whether DEVCORE might have been compromised, or in some way tipped off attackers that the patch was in the pipeline, the person said on condition of anonymity.
A Microsoft spokesperson confirmed the investigation, but did not comment on whether DEVCORE’s role is under scrutiny.
“We are looking at what might have caused the spike of malicious activity and have not yet drawn any conclusions,” they said.
DEVCORE senior project manager Bowen Hsu (徐念恩) said that the company has found no signs that its security was breached.
“We had a thorough investigation among all the personal computers and devices owned by our employees, as well as our internal infrastructure and systems,” Hsu said. “There was no sign that any of those devices and our systems have been hacked.”
Some of the flaws have since been exploited by suspected Chinese state-sponsored hackers and other unknown cyberespionage groups, who have breached more than 60,000 servers worldwide in one of the largest and most damaging hacks in recent memory.
DEVCORE said its researchers discovered two security flaws in Exchange servers from Dec. 10 to Dec. 30 last year, and used them to create a proof-of-concept “exploit” that could be deployed to break into the servers and secretly access e-mails.
The company disclosed its discovery to Microsoft on Jan. 5 and Microsoft began working on a patch to fix the problem.
However, on Jan. 3 — two days before the disclosure to Microsoft — hackers began using one of the same security flaws discovered by DEVCORE to gain access to Exchange servers and steal e-mails, researchers at the Virginia-based cybersecurity firm Volexity said.
Microsoft late last month notified DEVCORE that it was nearly ready to release the security patches, and that same day there was an increase in hacker activity, security researchers at Palo Alto Networks Inc said.
The Palo Alto Networks researchers reviewed code of the malware that the hackers were using to breach the Microsoft Exchange servers and made a curious discovery: Some strains of the malware contained the password “orange.”
The researcher at DEVCORE who first found the security flaws in the Exchange servers goes by the name Orange Tsai (蔡政達).
On Twitter, Tsai pointed out that the exploit used during the attacks last month “looks the same” as the one that he created as a proof of concept, and that DEVCORE reported to Microsoft.
He said he had hard-coded the password “orange” into the malware.
The discoveries by Palo Alto Networks and Volexity alarmed researchers at DEVCORE, because the findings indicate that DEVCORE’s research had been surreptitiously obtained by the hackers, a person familiar with the matter said.
Matthieu Faou, a malware researcher at European cybersecurity company ESET, said that the hackers might have independently found the same vulnerabilities in Microsoft Exchange.
The other most likely scenario was that the hackers “somehow obtained the information from DEVCORE or from a Microsoft partner,” he added.