Microsoft Corp is investigating whether hackers who attacked its e-mail system exploited the findings of Taiwanese researchers who were the first to alert the software company to the vulnerabilities, a person familiar with the investigation said.
DEVCORE (戴夫寇爾), a small firm based in Taipei that specializes in discovering computer security flaws, in December last year said that it had found bugs affecting Microsoft’s widely used Exchange business e-mail software.
Late last month, after Microsoft disclosed its still secret patch to DEVCORE, attackers escalated their malicious activity on networks using Exchange servers connected to the Internet, researchers at Palo Alto Networks Inc said.
Photo: Reuters
Microsoft is exploring whether intelligence it shared with partners might have triggered the attack.
The firm has focused part of its probe on understanding whether DEVCORE might have been compromised, or in some way tipped off attackers that the patch was in the pipeline, the person said on condition of anonymity.
A Microsoft spokesperson confirmed the investigation, but did not comment on whether DEVCORE’s role is under scrutiny.
“We are looking at what might have caused the spike of malicious activity and have not yet drawn any conclusions,” they said.
DEVCORE senior project manager Bowen Hsu (徐念恩) said that the company has found no signs that its security was breached.
“We had a thorough investigation among all the personal computers and devices owned by our employees, as well as our internal infrastructure and systems,” Hsu said. “There was no sign that any of those devices and our systems have been hacked.”
Some of the flaws have since been exploited by suspected Chinese state-sponsored hackers and other unknown cyberespionage groups, who have breached more than 60,000 servers worldwide in one of the largest and most damaging hacks in recent memory.
DEVCORE said its researchers discovered two security flaws in exchange servers from Dec. 10 to Dec. 30 last year, and used them to create a proof of concept “exploit” that could be deployed to break into the servers and secretly access e-mails.
The company disclosed its discovery to Microsoft on Jan. 5 and Microsoft began working on a patch to fix the problem.
However, on Jan. 3 — two days before the disclosure to Microsoft — hackers began using one of the same security flaws discovered by DEVCORE to gain access to exchange servers and steal e-mails, researchers at the Virginia-based cybersecurity firm Volexity said.
Microsoft late last month notified DEVCORE that it was nearly ready to release the security patches and that same day, there was an increase in hacker activity, security researchers at Palo Alto Networks Inc said.
The Palo Alto Networks researchers reviewed code of the malware that the hackers were using to breach the Microsoft Exchange servers and made a curious discovery: Some strains of the malware contained the password “orange.”
The researcher at DEVCORE who first found the security flaws in the exchange servers goes by the name Orange Tsai (蔡政達).
On Twitter, Tsai pointed out that the exploit used during the attacks last month “looks the same” as the one that he created as a proof of concept, and that DEVCORE reported to Microsoft.
He said he had hard-coded the password “orange” into the malware.
The discoveries by Palo Alto Networks and Volexity alarmed researchers at DEVCORE, because the findings indicate that DEVCORE’s research had been surreptitiously obtained by the hackers, a person familiar with the matter said.
Matthieu Faou, a malware researcher at European cybersecurity company ESET, said that the hackers might have independently found the same vulnerabilities in Microsoft Exchange.
The other most likely scenario was that the hackers “somehow obtained the information from DEVCORE or from a Microsoft partner,” he added.
Taichung reported the steepest fall in completed home prices among the six special municipalities in the first quarter of this year, data compiled by Taiwan Realty Co (台灣房屋) showed yesterday. From January through last month, the average transaction price for completed homes in Taichung fell 8 percent from a year earlier to NT$299,000 (US$9,483) per ping (3.3m²), said Taiwan Realty, which compiled the data based on the government’s price registration platform. The decline could be attributed to many home buyers choosing relatively affordable used homes to live in themselves, instead of newly built homes in the city’s prime property market, Taiwan Realty
The government yesterday approved applications by Alphabet Inc’s Google to invest NT$27.08 billion (US$859.98 million) in Taiwan, the Ministry of Economic Affairs said in a statement. The Department of Investment Review approved two investments proposed by Google, with much of the funds to be used for data processing and electronic information supply services, as well as inventory procurement businesses in the semiconductor field, the ministry said. It marks the second consecutive year that Google has applied to increase its investment in Taiwan. Google plans to infuse NT$25.34 billion into Charter Investments Ltd (特許投資顧問) through its Singapore-based subsidiary Fructan Holdings Singapore Pte Ltd, and
Micron Technology Inc is a driving force pushing the US Congress to pass legislation that would put new export restrictions on equipment its Chinese competitors use to make their chips, according to people familiar with the matter. A US House of Representatives panel yesterday was to vote on the “MATCH Act,” a bill designed to close gaps in restrictions on chipmaking equipment. It would also pressure foreign companies that sell equipment to Chinese chipmaking facilities to align with export curbs on US companies like Lam Research Corp and Applied Materials Inc. The bill targets facilities operated by China’s ChangXin Memory Technologies Inc
Singapore-based ride-hailing and delivery giant Grab Holdings’ planned acquisition of Foodpanda’s Taiwan operations has yet to enter the formal review stage, as regulators await supplementary documents, the Fair Trade Commission (FTC) said yesterday. Acting FTC Chairman Chen Chih-min (陳志民) told the legislature’s Economics Committee that although Grab submitted its application on March 27, the case has not been officially accepted because required materials remain incomplete. Once the filing is finalized, the FTC would launch a formal probe into the deal, focusing on issues such as cross-shareholding and potential restrictions on market competition, Chen told lawmakers. Grab last month announced that it would acquire
RSS