Microsoft Corp is investigating whether hackers who attacked its e-mail system exploited the findings of Taiwanese researchers who were the first to alert the software company to the vulnerabilities, a person familiar with the investigation said.
DEVCORE (戴夫寇爾), a small firm based in Taipei that specializes in discovering computer security flaws, in December last year said that it had found bugs affecting Microsoft’s widely used Exchange business e-mail software.
Late last month, after Microsoft disclosed its still secret patch to DEVCORE, attackers escalated their malicious activity on networks using Exchange servers connected to the Internet, researchers at Palo Alto Networks Inc said.
Microsoft is exploring whether intelligence it shared with partners might have triggered the attack.
The firm has focused part of its probe on understanding whether DEVCORE might have been compromised, or in some way tipped off attackers that the patch was in the pipeline, the person said on condition of anonymity.
A Microsoft spokesperson confirmed the investigation, but did not comment on whether DEVCORE’s role is under scrutiny.
“We are looking at what might have caused the spike of malicious activity and have not yet drawn any conclusions,” they said.
DEVCORE senior project manager Bowen Hsu (徐念恩) said that the company has found no signs that its security was breached.
“We had a thorough investigation among all the personal computers and devices owned by our employees, as well as our internal infrastructure and systems,” Hsu said. “There was no sign that any of those devices and our systems have been hacked.”
Some of the flaws have since been exploited by suspected Chinese state-sponsored hackers and other unknown cyberespionage groups, who have breached more than 60,000 servers worldwide in one of the largest and most damaging hacks in recent memory.
DEVCORE said its researchers discovered two security flaws in Exchange servers from Dec. 10 to Dec. 30 last year, and used them to create a proof-of-concept “exploit” that could be deployed to break into the servers and secretly access e-mails.
The company disclosed its discovery to Microsoft on Jan. 5 and Microsoft began working on a patch to fix the problem.
However, on Jan. 3 — two days before the disclosure to Microsoft — hackers began using one of the same security flaws discovered by DEVCORE to gain access to Exchange servers and steal e-mails, researchers at the Virginia-based cybersecurity firm Volexity said.
Microsoft late last month notified DEVCORE that it was nearly ready to release the security patches and that same day, there was an increase in hacker activity, security researchers at Palo Alto Networks Inc said.
The Palo Alto Networks researchers reviewed code of the malware that the hackers were using to breach the Microsoft Exchange servers and made a curious discovery: Some strains of the malware contained the password “orange.”
The researcher at DEVCORE who first found the security flaws in the Exchange servers goes by the name Orange Tsai (蔡政達).
On Twitter, Tsai pointed out that the exploit used during the attacks last month “looks the same” as the one that he created as a proof of concept, and that DEVCORE reported to Microsoft.
He said he had hard-coded the password “orange” into the malware.
The discoveries by Palo Alto Networks and Volexity alarmed researchers at DEVCORE, because the findings indicate that DEVCORE’s research had been surreptitiously obtained by the hackers, a person familiar with the matter said.
Matthieu Faou, a malware researcher at European cybersecurity company ESET, said that the hackers might have independently found the same vulnerabilities in Microsoft Exchange.
The other most likely scenario was that the hackers “somehow obtained the information from DEVCORE or from a Microsoft partner,” he added.