Microsoft Corp is investigating whether hackers who attacked its e-mail system exploited the findings of Taiwanese researchers who were the first to alert the software company to the vulnerabilities, a person familiar with the investigation said.
DEVCORE (戴夫寇爾), a small firm based in Taipei that specializes in discovering computer security flaws, in December last year said that it had found bugs affecting Microsoft’s widely used Exchange business e-mail software.
Late last month, after Microsoft disclosed its still secret patch to DEVCORE, attackers escalated their malicious activity on networks using Exchange servers connected to the Internet, researchers at Palo Alto Networks Inc said.
Photo: Reuters
Microsoft is exploring whether intelligence it shared with partners might have triggered the attack.
The firm has focused part of its probe on understanding whether DEVCORE might have been compromised, or in some way tipped off attackers that the patch was in the pipeline, the person said on condition of anonymity.
A Microsoft spokesperson confirmed the investigation, but did not comment on whether DEVCORE’s role is under scrutiny.
“We are looking at what might have caused the spike of malicious activity and have not yet drawn any conclusions,” they said.
DEVCORE senior project manager Bowen Hsu (徐念恩) said that the company has found no signs that its security was breached.
“We had a thorough investigation among all the personal computers and devices owned by our employees, as well as our internal infrastructure and systems,” Hsu said. “There was no sign that any of those devices and our systems have been hacked.”
Some of the flaws have since been exploited by suspected Chinese state-sponsored hackers and other unknown cyberespionage groups, who have breached more than 60,000 servers worldwide in one of the largest and most damaging hacks in recent memory.
DEVCORE said its researchers discovered two security flaws in exchange servers from Dec. 10 to Dec. 30 last year, and used them to create a proof of concept “exploit” that could be deployed to break into the servers and secretly access e-mails.
The company disclosed its discovery to Microsoft on Jan. 5 and Microsoft began working on a patch to fix the problem.
However, on Jan. 3 — two days before the disclosure to Microsoft — hackers began using one of the same security flaws discovered by DEVCORE to gain access to exchange servers and steal e-mails, researchers at the Virginia-based cybersecurity firm Volexity said.
Microsoft late last month notified DEVCORE that it was nearly ready to release the security patches and that same day, there was an increase in hacker activity, security researchers at Palo Alto Networks Inc said.
The Palo Alto Networks researchers reviewed code of the malware that the hackers were using to breach the Microsoft Exchange servers and made a curious discovery: Some strains of the malware contained the password “orange.”
The researcher at DEVCORE who first found the security flaws in the exchange servers goes by the name Orange Tsai (蔡政達).
On Twitter, Tsai pointed out that the exploit used during the attacks last month “looks the same” as the one that he created as a proof of concept, and that DEVCORE reported to Microsoft.
He said he had hard-coded the password “orange” into the malware.
The discoveries by Palo Alto Networks and Volexity alarmed researchers at DEVCORE, because the findings indicate that DEVCORE’s research had been surreptitiously obtained by the hackers, a person familiar with the matter said.
Matthieu Faou, a malware researcher at European cybersecurity company ESET, said that the hackers might have independently found the same vulnerabilities in Microsoft Exchange.
The other most likely scenario was that the hackers “somehow obtained the information from DEVCORE or from a Microsoft partner,” he added.
Taiwan Semiconductor Manufacturing Co (TSMC, 台積電) would not produce its most advanced technologies in the US next year, Minister of Economic Affairs J.W. Kuo (郭智輝) said yesterday. Kuo made the comment during an appearance at the legislature, hours after the chipmaker announced that it would invest an additional US$100 billion to expand its manufacturing operations in the US. Asked by Taiwan People’s Party Legislator-at-large Chang Chi-kai (張啟楷) if TSMC would allow its most advanced technologies, the yet-to-be-released 2-nanometer and 1.6-nanometer processes, to go to the US in the near term, Kuo denied it. TSMC recently opened its first US factory, which produces 4-nanometer
PROTECTION: The investigation, which takes aim at exporters such as Canada, Germany and Brazil, came days after Trump unveiled tariff hikes on steel and aluminum products US President Donald Trump on Saturday ordered a probe into potential tariffs on lumber imports — a move threatening to stoke trade tensions — while also pushing for a domestic supply boost. Trump signed an executive order instructing US Secretary of Commerce Howard Lutnick to begin an investigation “to determine the effects on the national security of imports of timber, lumber and their derivative products.” The study might result in new tariffs being imposed, which would pile on top of existing levies. The investigation takes aim at exporters like Canada, Germany and Brazil, with White House officials earlier accusing these economies of
Teleperformance SE, the largest call-center operator in the world, is rolling out an artificial intelligence (AI) system that softens English-speaking Indian workers’ accents in real time in a move the company claims would make them more understandable. The technology, called accent translation, coupled with background noise cancelation, is being deployed in call centers in India, where workers provide customer support to some of Teleperformance’s international clients. The company provides outsourced customer support and content moderation to global companies including Apple Inc, ByteDance Ltd’s (字節跳動) TikTok and Samsung Electronics Co Ltd. “When you have an Indian agent on the line, sometimes it’s hard
PROBE CONTINUES: Those accused falsely represented that the chips would not be transferred to a person other than the authorized end users, court papers said Singapore charged three men with fraud in a case local media have linked to the movement of Nvidia’s advanced chips from the city-state to Chinese artificial intelligence (AI) firm DeepSeek (深度求索). The US is investigating if DeepSeek, the Chinese company whose AI model’s performance rocked the tech world in January, has been using US chips that are not allowed to be shipped to China, Reuters reported earlier. The Singapore case is part of a broader police investigation of 22 individuals and companies suspected of false representation, amid concerns that organized AI chip smuggling to China has been tracked out of nations such
RSS