Microsoft Corp is investigating whether hackers who attacked its e-mail system exploited the findings of Taiwanese researchers who were the first to alert the software company to the vulnerabilities, a person familiar with the investigation said.
DEVCORE (戴夫寇爾), a small firm based in Taipei that specializes in discovering computer security flaws, in December last year said that it had found bugs affecting Microsoft’s widely used Exchange business e-mail software.
Late last month, after Microsoft disclosed its still-secret patch to DEVCORE, attackers escalated their malicious activity on networks using Exchange servers connected to the Internet, researchers at Palo Alto Networks Inc said.
Microsoft is exploring whether intelligence it shared with partners might have triggered the attack.
The firm has focused part of its probe on understanding whether DEVCORE might have been compromised, or in some way tipped off attackers that the patch was in the pipeline, the person said on condition of anonymity.
A Microsoft spokesperson confirmed the investigation, but did not comment on whether DEVCORE’s role is under scrutiny.
“We are looking at what might have caused the spike of malicious activity and have not yet drawn any conclusions,” they said.
DEVCORE senior project manager Bowen Hsu (徐念恩) said that the company has found no signs that its security was breached.
“We had a thorough investigation among all the personal computers and devices owned by our employees, as well as our internal infrastructure and systems,” Hsu said. “There was no sign that any of those devices and our systems have been hacked.”
Some of the flaws have since been exploited by suspected Chinese state-sponsored hackers and other unknown cyberespionage groups, who have breached more than 60,000 servers worldwide in one of the largest and most damaging hacks in recent memory.
DEVCORE said its researchers discovered two security flaws in Exchange servers from Dec. 10 to Dec. 30 last year, and used them to create a proof-of-concept “exploit” that could be deployed to break into the servers and secretly access e-mails.
The company disclosed its discovery to Microsoft on Jan. 5 and Microsoft began working on a patch to fix the problem.
However, on Jan. 3 — two days before the disclosure to Microsoft — hackers began using one of the same security flaws discovered by DEVCORE to gain access to Exchange servers and steal e-mails, researchers at the Virginia-based cybersecurity firm Volexity said.
Microsoft late last month notified DEVCORE that it was nearly ready to release the security patches and that same day, there was an increase in hacker activity, security researchers at Palo Alto Networks Inc said.
The Palo Alto Networks researchers reviewed code of the malware that the hackers were using to breach the Microsoft Exchange servers and made a curious discovery: Some strains of the malware contained the password “orange.”
The researcher at DEVCORE who first found the security flaws in the Exchange servers goes by the name Orange Tsai (蔡政達).
On Twitter, Tsai pointed out that the exploit used during the attacks last month “looks the same” as the one that he created as a proof of concept, and that DEVCORE reported to Microsoft.
He said he had hard-coded the password “orange” into the malware.
The discoveries by Palo Alto Networks and Volexity alarmed researchers at DEVCORE, because the findings indicate that DEVCORE’s research had been surreptitiously obtained by the hackers, a person familiar with the matter said.
Matthieu Faou, a malware researcher at European cybersecurity company ESET, said that the hackers might have independently found the same vulnerabilities in Microsoft Exchange.
The other most likely scenario was that the hackers “somehow obtained the information from DEVCORE or from a Microsoft partner,” he added.