Microsoft investigates whether a leak led to the Exchange hack: report

Illustration for article titled Microsoft investigates whether leaked 'proof of concept' attack code contributed to the Exchange hack

Photograph: Jeenah Moon (Getty Images)

Hackers may have obtained inside information that Microsoft had shared with its security partners and used it to exploit vulnerabilities in Exchange, Microsoft's widely used email and calendar software, according to a Wall Street Journal report on Friday.

Several different groups of hackers piled onto Exchange in a series of sprawling cyberattacks that compromised at least 30,000 US organizations. State-sponsored hackers exploited several zero-day vulnerabilities in Microsoft's software, which other attackers later took advantage of as well, to break into Exchange servers and plant malicious code to steal large amounts of email data from American companies and local governments.

The first wave of attacks began in January and gained momentum in the week before Microsoft planned to release a software fix for customers, the Journal reports. The tools used in the second wave, which is believed to have started on February 28, had several similarities to the “proof of concept” attack code that Microsoft had distributed to antivirus companies and other security partners a few days earlier, people familiar with the investigation told the paper. Although Microsoft had initially planned to release a patch on March 9, it ended up releasing it early, on March 2, in response to the second wave of attacks.

Microsoft uses an information-sharing network, the Microsoft Active Protections Program or MAPP, to send alerts about vulnerabilities in its products to its security partners so that they can identify emerging threats. MAPP includes 80 security companies worldwide, including around 10 in China. A subset of these organizations received the proof-of-concept code that could be used to attack Microsoft systems as part of a notification that contained technical details about the unpatched flaws in Exchange, according to the Journal. A Microsoft spokesman declined the Journal's request to comment on whether any Chinese companies were included in this subset.

The spokesman also said that Microsoft saw “no indication” of a leak from inside the company, but that if its internal investigation finds a MAPP partner was involved in the hack, there will be consequences.

“If they discover that a MAPP partner was the source of the leak, they would face the consequences for violating the terms of participation in the program,” he told the newspaper.

Microsoft previously banned Hangzhou DPTech Technologies, a China-based security software provider, from its MAPP program in 2012 after discovering that the company had leaked proof-of-concept code that could be used in a potential cyberattack, violating its non-disclosure agreement.

The scope of this massive breach is still being uncovered, but it could allow hackers to retain access to compromised systems for years to come. The rate of attacks is doubling every few hours as hackers take advantage of these zero-day vulnerabilities to breach servers that have not yet been patched, according to the cybersecurity company Check Point Research. On Friday, Microsoft said it had detected “a new family of ransomware”, malicious software that locks up a computer or network until the victim pays a ransom, being used to target unpatched networks.

That same day, the Biden administration underlined the seriousness of this historic hack and warned the thousands of compromised organizations that they have “hours, not days” to update exposed servers, according to CNN. An official told the network that the U.S. government is recruiting members of the private sector to assist a cybersecurity task force formed in response to the incident.
