Microsoft Corp is investigating whether hackers who attacked its e-mail system exploited the findings of Taiwanese researchers who were the first to alert the software company to the vulnerabilities, a person familiar with the investigation said.
DEVCORE (戴夫寇爾), a small firm based in Taipei that specializes in discovering computer security flaws, in December last year said that it had found bugs affecting Microsoft’s widely used Exchange business e-mail software.
Late last month, after Microsoft disclosed its still secret patch to DEVCORE, attackers escalated their malicious activity on networks using Exchange servers connected to the Internet, researchers at Palo Alto Networks Inc said.
Photo: Reuters
Microsoft is exploring whether intelligence it shared with partners might have triggered the attack.
The firm has focused part of its probe on understanding whether DEVCORE might have been compromised, or in some way tipped off attackers that the patch was in the pipeline, the person said on condition of anonymity.
A Microsoft spokesperson confirmed the investigation, but did not comment on whether DEVCORE’s role is under scrutiny.
“We are looking at what might have caused the spike of malicious activity and have not yet drawn any conclusions,” they said.
DEVCORE senior project manager Bowen Hsu (徐念恩) said that the company has found no signs that its security was breached.
“We had a thorough investigation among all the personal computers and devices owned by our employees, as well as our internal infrastructure and systems,” Hsu said. “There was no sign that any of those devices and our systems have been hacked.”
Some of the flaws have since been exploited by suspected Chinese state-sponsored hackers and other unknown cyberespionage groups, who have breached more than 60,000 servers worldwide in one of the largest and most damaging hacks in recent memory.
DEVCORE said its researchers discovered two security flaws in exchange servers from Dec. 10 to Dec. 30 last year, and used them to create a proof of concept “exploit” that could be deployed to break into the servers and secretly access e-mails.
The company disclosed its discovery to Microsoft on Jan. 5 and Microsoft began working on a patch to fix the problem.
However, on Jan. 3 — two days before the disclosure to Microsoft — hackers began using one of the same security flaws discovered by DEVCORE to gain access to exchange servers and steal e-mails, researchers at the Virginia-based cybersecurity firm Volexity said.
Microsoft late last month notified DEVCORE that it was nearly ready to release the security patches and that same day, there was an increase in hacker activity, security researchers at Palo Alto Networks Inc said.
The Palo Alto Networks researchers reviewed code of the malware that the hackers were using to breach the Microsoft Exchange servers and made a curious discovery: Some strains of the malware contained the password “orange.”
The researcher at DEVCORE who first found the security flaws in the exchange servers goes by the name Orange Tsai (蔡政達).
On Twitter, Tsai pointed out that the exploit used during the attacks last month “looks the same” as the one that he created as a proof of concept, and that DEVCORE reported to Microsoft.
He said he had hard-coded the password “orange” into the malware.
The discoveries by Palo Alto Networks and Volexity alarmed researchers at DEVCORE, because the findings indicate that DEVCORE’s research had been surreptitiously obtained by the hackers, a person familiar with the matter said.
Matthieu Faou, a malware researcher at European cybersecurity company ESET, said that the hackers might have independently found the same vulnerabilities in Microsoft Exchange.
The other most likely scenario was that the hackers “somehow obtained the information from DEVCORE or from a Microsoft partner,” he added.
MULTIFACETED: A task force has analyzed possible scenarios and created responses to assist domestic industries in dealing with US tariffs, the economics minister said The Executive Yuan is tomorrow to announce countermeasures to US President Donald Trump’s planned reciprocal tariffs, although the details of the plan would not be made public until Monday next week, Minister of Economic Affairs J.W. Kuo (郭智輝) said yesterday. The Cabinet established an economic and trade task force in November last year to deal with US trade and tariff related issues, Kuo told reporters outside the legislature in Taipei. The task force has been analyzing and evaluating all kinds of scenarios to identify suitable responses and determine how best to assist domestic industries in managing the effects of Trump’s tariffs, he
TIGHT-LIPPED: UMC said it had no merger plans at the moment, after Nikkei Asia reported that the firm and GlobalFoundries were considering restarting merger talks United Microelectronics Corp (UMC, 聯電), the world’s No. 4 contract chipmaker, yesterday launched a new US$5 billion 12-inch chip factory in Singapore as part of its latest effort to diversify its manufacturing footprint amid growing geopolitical risks. The new factory, adjacent to UMC’s existing Singapore fab in the Pasir Res Wafer Fab Park, is scheduled to enter volume production next year, utilizing mature 22-nanometer and 28-nanometer process technologies, UMC said in a statement. The company plans to invest US$5 billion during the first phase of the new fab, which would have an installed capacity of 30,000 12-inch wafers per month, it said. The
Taiwan’s official purchasing managers’ index (PMI) last month rose 0.2 percentage points to 54.2, in a second consecutive month of expansion, thanks to front-loading demand intended to avoid potential US tariff hikes, the Chung-Hua Institution for Economic Research (CIER, 中華經濟研究院) said yesterday. While short-term demand appeared robust, uncertainties rose due to US President Donald Trump’s unpredictable trade policy, CIER president Lien Hsien-ming (連賢明) told a news conference in Taipei. Taiwan’s economy this year would be characterized by high-level fluctuations and the volatility would be wilder than most expect, Lien said Demand for electronics, particularly semiconductors, continues to benefit from US technology giants’ effort
‘SWASTICAR’: Tesla CEO Elon Musk’s close association with Donald Trump has prompted opponents to brand him a ‘Nazi’ and resulted in a dramatic drop in sales Demonstrators descended on Tesla Inc dealerships across the US, and in Europe and Canada on Saturday to protest company chief Elon Musk, who has amassed extraordinary power as a top adviser to US President Donald Trump. Waving signs with messages such as “Musk is stealing our money” and “Reclaim our country,” the protests largely took place peacefully following fiery episodes of vandalism on Tesla vehicles, dealerships and other facilities in recent weeks that US officials have denounced as terrorism. Hundreds rallied on Saturday outside the Tesla dealership in Manhattan. Some blasted Musk, the world’s richest man, while others demanded the shuttering of his