Microsoft Corp is investigating whether hackers who attacked its e-mail system exploited the findings of Taiwanese researchers who were the first to alert the software company to the vulnerabilities, a person familiar with the investigation said.
DEVCORE (戴夫寇爾), a small firm based in Taipei that specializes in discovering computer security flaws, in December last year said that it had found bugs affecting Microsoft’s widely used Exchange business e-mail software.
Late last month, after Microsoft disclosed its still-secret patch to DEVCORE, attackers escalated their malicious activity on networks using Exchange servers connected to the Internet, researchers at Palo Alto Networks Inc said.
Microsoft is exploring whether intelligence it shared with partners might have triggered the attack.
The firm has focused part of its probe on understanding whether DEVCORE might have been compromised, or in some way tipped off attackers that the patch was in the pipeline, the person said on condition of anonymity.
A Microsoft spokesperson confirmed the investigation, but did not comment on whether DEVCORE’s role is under scrutiny.
“We are looking at what might have caused the spike of malicious activity and have not yet drawn any conclusions,” they said.
DEVCORE senior project manager Bowen Hsu (徐念恩) said that the company has found no signs that its security was breached.
“We had a thorough investigation among all the personal computers and devices owned by our employees, as well as our internal infrastructure and systems,” Hsu said. “There was no sign that any of those devices and our systems have been hacked.”
Some of the flaws have since been exploited by suspected Chinese state-sponsored hackers and other unknown cyberespionage groups, who have breached more than 60,000 servers worldwide in one of the largest and most damaging hacks in recent memory.
DEVCORE said its researchers discovered two security flaws in Exchange servers from Dec. 10 to Dec. 30 last year, and used them to create a proof-of-concept “exploit” that could be deployed to break into the servers and secretly access e-mails.
The company disclosed its discovery to Microsoft on Jan. 5 and Microsoft began working on a patch to fix the problem.
However, on Jan. 3, two days before the disclosure to Microsoft, hackers began using one of the same security flaws discovered by DEVCORE to gain access to Exchange servers and steal e-mails, researchers at the Virginia-based cybersecurity firm Volexity said.
Microsoft late last month notified DEVCORE that it was nearly ready to release the security patches and that same day, there was an increase in hacker activity, security researchers at Palo Alto Networks Inc said.
The Palo Alto Networks researchers reviewed code of the malware that the hackers were using to breach the Microsoft Exchange servers and made a curious discovery: Some strains of the malware contained the password “orange.”
The researcher at DEVCORE who first found the security flaws in the Exchange servers goes by the name Orange Tsai (蔡政達).
On Twitter, Tsai pointed out that the exploit used during the attacks last month “looks the same” as the one that he created as a proof of concept, and that DEVCORE reported to Microsoft.
He said he had hard-coded the password “orange” into the malware.
The discoveries by Palo Alto Networks and Volexity alarmed researchers at DEVCORE, because the findings indicate that DEVCORE’s research had been surreptitiously obtained by the hackers, a person familiar with the matter said.
Matthieu Faou, a malware researcher at European cybersecurity company ESET, said that the hackers might have independently found the same vulnerabilities in Microsoft Exchange.
The other most likely scenario was that the hackers “somehow obtained the information from DEVCORE or from a Microsoft partner,” he added.