Microsoft probes clue that hackers have hacked research in Taiwan

Photographer: Chris Ratcliffe / Bloomberg

Microsoft Corp. is investigating whether hackers who attacked its email system exploited the findings of Taiwanese researchers who were the first to alert the software company to the vulnerabilities, according to a person familiar with the investigation.

DEVCORE, a small Taipei City-based company that specializes in discovering computer security vulnerabilities, said in December it found bugs affecting Microsoft’s widely used Exchange business email software. Then, at the end of February, Microsoft informed DEVCORE that it was about to release security fixes to resolve the issue.

In the days following Microsoft’s disclosure of its still-secret fix to DEVCORE, attackers escalated their malicious activity on networks using Internet-connected Exchange servers, according to researchers at Palo Alto Networks Inc.

Microsoft is investigating whether information shared with its partners could have sparked the attack somehow, Bloomberg News reported. The company focused part of its investigation on whether DEVCORE may have been compromised or whether somehow attackers were made aware that the fix was in the works. valuable intelligence for hackers looking to time their attack to maximize its impact, depending on the person. , who asked not to be identified as details of the investigation were not made public.

A Microsoft spokesperson confirmed the investigation, but did not say whether DEVCORE’s role was under review.

“We are examining what could have caused the spike in malicious activity and have yet to draw any conclusions,” the spokesperson said. “We have seen no indication of a Microsoft leak related to this attack.”

Bowen Hsu, senior project manager at DEVCORE, said in an email that the company had found no signs of a breach of its security.

“DEVCORE immediately launched an internal investigation on March 3 to verify if the team was hacked or if any information was leaked from our side,” Hsu said. “We have thoroughly investigated all personal computers / devices owned by our employees, as well as our internal infrastructure and systems; there was no sign that any of these devices and our systems were hacked. Additionally, we investigated our internal system and found no unusual connection attempts or file access. “

Some of the loopholes have since been exploited by suspected Chinese state-sponsored hackers and other unknown cyber espionage groups, who breached more than 60,000 servers worldwide in one of the largest and most damaging hacks. in recent memory. In some cases, victims who still did not install the Microsoft hotfix have been targeted by ransomware.

According to DEVCORE, its researchers discovered two security flaws in the exchange servers from December 10 to December 30, and used them to create a proof of concept “exploit” that could be deployed to break into the servers and gain access. secretly to emails. The company disclosed its discovery to Microsoft on January 5, and Microsoft has started work on a fix to address the issue.