[ad_1]
Microsoft is investigating whether the security companies it works with have disclosed details of vulnerabilities in its software, helping hackers spread a massive cyberattack late last month, according to people with knowledge of the investigation.
Microsoft initially blamed Hafnium, a state-backed Chinese hacking group, for the first wave of attacks in January.
As the company prepared to announce the hack and provide fixes, the attacks – which targeted “specific individuals” in US think tanks and non-governmental organizations – suddenly escalated and became more indiscriminate.
Several other Chinese hacker groups began launching attacks in a second wave in late February, researchers said.
“We are examining what could have caused the spike in malicious activity and have yet to draw any conclusions,” Microsoft said, adding that it had seen “no indication” that the information had been leaked from the company. inside the company.
People familiar with the investigation said Microsoft had investigated whether the 80 or so e-businesses that had been notified in advance of threats and fixes from it could have passed information to hackers. Members of Microsoft’s so-called active protection program include Chinese companies such as Baidu and Alibaba.
“If it turns out that a MAPP partner was the source of a leak, they would face consequences if the conditions for participation in the program were breached,” Microsoft said.
The investigation, first reported by Bloomberg, comes as ransomware criminal gangs have stepped up efforts to attack companies that have yet to update their systems with Microsoft patches. Government officials around the world are still assessing the damage done by hackers.
Jake Sullivan, the White House national security adviser, said the United States was mobilizing a response but “still trying to determine the scope and scale” of the attack. He added that it was “certainly true that the malicious actors are still in some of these Microsoft Exchange systems.”
Although Sullivan did not confirm Microsoft’s claim that China was responsible for most of the attacks, he said Washington intends to provide an attribution “in the near future.”
“We won’t hide the ball on this,” he said. More than 30,000 US businesses have been affected “including a significant number of small businesses, cities and local governments,” according to cybersecurity researcher Brian Krebs.
There are 7,000-8,000 Microsoft Exchange servers in the UK that are deemed potentially vulnerable due to the hack and around half have already been patched, UK security officials said on Friday.
Paul Chichester, director of operations at the UK’s National Cyber Security Center, a branch of GCHQ, said it was “vital” that all organizations take “immediate action” to protect their networks.
A senior US administration official said the attackers appeared sophisticated and capable, but said “they have taken advantage of the weaknesses of this software since its inception.”
Additional reporting by Demetri Sevastopulo in Washington
[ad_2]
Source link