Microsoft probes clue that hackers hacked Taiwanese research

(Bloomberg) – Microsoft Corp. is investigating whether hackers who attacked its email system exploited the findings of Taiwanese researchers who were the first to alert the software company to the vulnerabilities, according to a person familiar with the investigation.

DEVCORE, based in Taipei City and specializing in discovering computer security vulnerabilities, said in December it had found bugs affecting Microsoft's widely used Exchange business email software. Then, at the end of February, Microsoft informed DEVCORE that it was about to release security patches to address the issue, and in the days following the disclosure of its still-secret patch to DEVCORE, attackers escalated their malicious activity on networks using Internet-connected Exchange servers, according to researchers at Palo Alto Networks Inc.

Microsoft is investigating whether information shared with its partners may have triggered the attack in one way or another, Bloomberg News reported. The company focused part of its investigation on whether DEVCORE may have been compromised or whether attackers were somehow made aware that the fix was in the works, information invaluable to hackers looking to time their attack to maximize its impact, according to the person, who asked not to be identified because details of the investigation were not made public.

A Microsoft spokesperson confirmed the investigation, but did not say whether DEVCORE’s role was under scrutiny. Microsoft has not yet drawn any conclusions, the spokesperson said. "We have seen no indication of a leak from Microsoft related to this attack."

Bowen Hsu, senior project manager at DEVCORE, said in an email that the company immediately launched an internal investigation and has found no concerns so far. He declined to give further details on the scope of the review.

Some of the vulnerabilities have since been exploited by suspected Chinese state-sponsored hackers and other unknown cyber espionage groups, who breached more than 60,000 servers around the world in one of the biggest and most damaging hacks in recent memory. In some cases, victims who had still not installed the Microsoft patch were targeted with ransomware.

According to DEVCORE, its researchers discovered two security holes in Exchange servers from December 10 to December 30 and used them to create a proof-of-concept exploit that could be deployed to break into servers and secretly access emails. The company disclosed its discovery to Microsoft on January 5, and Microsoft began work on a fix to resolve the issue.

But on January 3, two days before the disclosure to Microsoft, hackers started using one of the same security vulnerabilities discovered by DEVCORE to access Exchange servers and steal emails, according to researchers at Virginia-based cybersecurity firm Volexity.

At the end of February, Microsoft informed DEVCORE that it was almost ready to publish security patches. On the same day, there was an increase in hacker activity, according to security researchers at Palo Alto Networks Inc.

Researchers at Palo Alto Networks examined the malware code that hackers were using to breach Microsoft Exchange servers and made a curious discovery. Some strains of the malware contained the password "orange." The DEVCORE researcher who discovered the security flaws in Exchange servers is called Orange Tsai. On Twitter, Tsai pointed out that the exploit used in the February attacks resembles the one he created as a proof of concept and which DEVCORE reported to Microsoft. He said he had hard-coded the "orange" password into the malware.

The findings by Palo Alto Networks and Volexity alarmed DEVCORE researchers, as the results indicate that DEVCORE’s research was surreptitiously obtained by hackers, according to a person familiar with the matter.

Matthieu Faou, a malware researcher at European cybersecurity firm ESET, said hackers could have independently found the same vulnerabilities in Microsoft Exchange. The other most likely scenario, he added, is that the hackers somehow obtained the information from DEVCORE or a Microsoft partner.

2021 Bloomberg LP

