Microsoft Corp is investigating whether hackers who attacked its e-mail system exploited the findings of Taiwanese researchers who were the first to alert the software company to the vulnerabilities, a person familiar with the investigation said.
DEVCORE (戴夫寇爾), a small firm based in Taipei that specializes in discovering computer security flaws, in December last year said that it had found bugs affecting Microsoft’s widely used Exchange business e-mail software.
Late last month, after Microsoft disclosed its still secret patch to DEVCORE, attackers escalated their malicious activity on networks using Exchange servers connected to the Internet, researchers at Palo Alto Networks Inc said.
Photo: Reuters
Microsoft is exploring whether intelligence it shared with partners might have triggered the attack.
The firm has focused part of its probe on understanding whether DEVCORE might have been compromised, or in some way tipped off attackers that the patch was in the pipeline, the person said on condition of anonymity.
A Microsoft spokesperson confirmed the investigation, but did not comment on whether DEVCORE’s role is under scrutiny.
“We are looking at what might have caused the spike of malicious activity and have not yet drawn any conclusions,” they said.
DEVCORE senior project manager Bowen Hsu (徐念恩) said that the company has found no signs that its security was breached.
“We had a thorough investigation among all the personal computers and devices owned by our employees, as well as our internal infrastructure and systems,” Hsu said. “There was no sign that any of those devices and our systems have been hacked.”
Some of the flaws have since been exploited by suspected Chinese state-sponsored hackers and other unknown cyberespionage groups, who have breached more than 60,000 servers worldwide in one of the largest and most damaging hacks in recent memory.
DEVCORE said its researchers discovered two security flaws in exchange servers from Dec. 10 to Dec. 30 last year, and used them to create a proof of concept “exploit” that could be deployed to break into the servers and secretly access e-mails.
The company disclosed its discovery to Microsoft on Jan. 5 and Microsoft began working on a patch to fix the problem.
However, on Jan. 3 — two days before the disclosure to Microsoft — hackers began using one of the same security flaws discovered by DEVCORE to gain access to exchange servers and steal e-mails, researchers at the Virginia-based cybersecurity firm Volexity said.
Microsoft late last month notified DEVCORE that it was nearly ready to release the security patches and that same day, there was an increase in hacker activity, security researchers at Palo Alto Networks Inc said.
The Palo Alto Networks researchers reviewed code of the malware that the hackers were using to breach the Microsoft Exchange servers and made a curious discovery: Some strains of the malware contained the password “orange.”
The researcher at DEVCORE who first found the security flaws in the exchange servers goes by the name Orange Tsai (蔡政達).
On Twitter, Tsai pointed out that the exploit used during the attacks last month “looks the same” as the one that he created as a proof of concept, and that DEVCORE reported to Microsoft.
He said he had hard-coded the password “orange” into the malware.
The discoveries by Palo Alto Networks and Volexity alarmed researchers at DEVCORE, because the findings indicate that DEVCORE’s research had been surreptitiously obtained by the hackers, a person familiar with the matter said.
Matthieu Faou, a malware researcher at European cybersecurity company ESET, said that the hackers might have independently found the same vulnerabilities in Microsoft Exchange.
The other most likely scenario was that the hackers “somehow obtained the information from DEVCORE or from a Microsoft partner,” he added.
Taiwanese suppliers to Taiwan Semiconductor Manufacturing Co. (TSMC, 台積電) are expected to follow the contract chipmaker’s step to invest in the US, but their relocation may be seven to eight years away, Minister of Economic Affairs J.W. Kuo (郭智輝) said yesterday. When asked by opposition Chinese Nationalist Party (KMT) Legislator Niu Hsu-ting (牛煦庭) in the legislature about growing concerns that TSMC’s huge investments in the US will prompt its suppliers to follow suit, Kuo said based on the chipmaker’s current limited production volume, it is unlikely to lead its supply chain to go there for now. “Unless TSMC completes its planned six
Power supply and electronic components maker Delta Electronics Inc (台達電) yesterday said second-quarter revenue is expected to surpass the first quarter, which rose 30 percent year-on-year to NT$118.92 billion (US$3.71 billion). Revenue this quarter is likely to grow, as US clients have front-loaded orders ahead of US President Donald Trump’s planned tariffs on Taiwanese goods, Delta chairman Ping Cheng (鄭平) said at an earnings conference in Taipei, referring to the 90-day pause in tariff implementation Trump announced on April 9. While situations in the third and fourth quarters remain unclear, “We will not halt our long-term deployments and do not plan to
‘SHORT TERM’: The local currency would likely remain strong in the near term, driven by anticipated US trade pressure, capital inflows and expectations of a US Fed rate cut The US dollar is expected to fall below NT$30 in the near term, as traders anticipate increased pressure from Washington for Taiwan to allow the New Taiwan dollar to appreciate, Cathay United Bank (國泰世華銀行) chief economist Lin Chi-chao (林啟超) said. Following a sharp drop in the greenback against the NT dollar on Friday, Lin told the Central News Agency that the local currency is likely to remain strong in the short term, driven in part by market psychology surrounding anticipated US policy pressure. On Friday, the US dollar fell NT$0.953, or 3.07 percent, closing at NT$31.064 — its lowest level since Jan.
The New Taiwan dollar and Taiwanese stocks surged on signs that trade tensions between the world’s top two economies might start easing and as US tech earnings boosted the outlook of the nation’s semiconductor exports. The NT dollar strengthened as much as 3.8 percent versus the US dollar to 30.815, the biggest intraday gain since January 2011, closing at NT$31.064. The benchmark TAIEX jumped 2.73 percent to outperform the region’s equity gauges. Outlook for global trade improved after China said it is assessing possible trade talks with the US, providing a boost for the nation’s currency and shares. As the NT dollar
RSS