Microsoft Corp is investigating whether hackers who attacked its e-mail system exploited the findings of Taiwanese researchers who were the first to alert the software company to the vulnerabilities, a person familiar with the investigation said.
DEVCORE (戴夫寇爾), a small firm based in Taipei that specializes in discovering computer security flaws, in December last year said that it had found bugs affecting Microsoft’s widely used Exchange business e-mail software.
Late last month, after Microsoft disclosed its still-secret patch to DEVCORE, attackers escalated their malicious activity on networks using Exchange servers connected to the Internet, researchers at Palo Alto Networks Inc said.
Microsoft is exploring whether intelligence it shared with partners might have triggered the attack.
The firm has focused part of its probe on understanding whether DEVCORE might have been compromised, or in some way tipped off attackers that the patch was in the pipeline, the person said on condition of anonymity.
A Microsoft spokesperson confirmed the investigation, but did not comment on whether DEVCORE’s role is under scrutiny.
“We are looking at what might have caused the spike of malicious activity and have not yet drawn any conclusions,” they said.
DEVCORE senior project manager Bowen Hsu (徐念恩) said that the company has found no signs that its security was breached.
“We had a thorough investigation among all the personal computers and devices owned by our employees, as well as our internal infrastructure and systems,” Hsu said. “There was no sign that any of those devices and our systems have been hacked.”
Some of the flaws have since been exploited by suspected Chinese state-sponsored hackers and other unknown cyberespionage groups, who have breached more than 60,000 servers worldwide in one of the largest and most damaging hacks in recent memory.
DEVCORE said its researchers discovered two security flaws in Exchange servers from Dec. 10 to Dec. 30 last year, and used them to create a proof-of-concept “exploit” that could be deployed to break into the servers and secretly access e-mails.
The company disclosed its discovery to Microsoft on Jan. 5 and Microsoft began working on a patch to fix the problem.
However, on Jan. 3 — two days before the disclosure to Microsoft — hackers began using one of the same security flaws discovered by DEVCORE to gain access to Exchange servers and steal e-mails, researchers at the Virginia-based cybersecurity firm Volexity said.
Microsoft late last month notified DEVCORE that it was nearly ready to release the security patches, and that same day there was an increase in hacker activity, security researchers at Palo Alto Networks Inc said.
The Palo Alto Networks researchers reviewed code of the malware that the hackers were using to breach the Microsoft Exchange servers and made a curious discovery: Some strains of the malware contained the password “orange.”
The researcher at DEVCORE who first found the security flaws in the Exchange servers goes by the name Orange Tsai (蔡政達).
On Twitter, Tsai pointed out that the exploit used during the attacks last month “looks the same” as the one that he created as a proof of concept and that DEVCORE reported to Microsoft.
He said he had hard-coded the password “orange” into the malware.
The discoveries by Palo Alto Networks and Volexity alarmed researchers at DEVCORE, because the findings indicate that DEVCORE’s research had been surreptitiously obtained by the hackers, a person familiar with the matter said.
Matthieu Faou, a malware researcher at European cybersecurity company ESET, said that the hackers might have independently found the same vulnerabilities in Microsoft Exchange.
The other most likely scenario was that the hackers “somehow obtained the information from DEVCORE or from a Microsoft partner,” he added.