Microsoft investigating whether a leak led to the Exchange hack: report


Photo: Jeenah Moon (Getty Images)

Hackers may have seized information that Microsoft shared with its security partners to exploit vulnerabilities in Exchange, its widely used email and calendar software, according to a Wall Street Journal report on Friday.

Multiple hacker groups have targeted Exchange in a series of sprawling cyberattacks that compromised at least 30,000 American organizations. Chinese state-sponsored hackers allegedly exploited several zero-day vulnerabilities in the Microsoft software, which other attackers later took advantage of to gain access to Exchange servers and plant malicious code that steals email data from numerous US companies and local governments.

The first wave of attacks began in January and escalated in the week before Microsoft planned to release a software fix to customers, the Journal reports. The tools used in the second wave, which is believed to have started on February 28, bear several similarities to the “proof of concept” attack code that Microsoft had distributed to antivirus companies and other security partners just a few days earlier, people familiar with the investigation told the outlet. While Microsoft initially planned to release the fix on March 9, it ended up shipping the patch early, on March 2, in response to the second wave of attacks.

Microsoft uses an information-sharing network, the Microsoft Active Protections Program or MAPP, to send alerts about its products to its security partners so that they can identify emerging threats. MAPP includes 80 security companies worldwide, including about 10 based in China. A subset of these organizations received proof-of-concept code that could be used to attack Microsoft systems, in a notification that contained technical details of the unpatched flaws in Exchange, according to the Journal. A Microsoft spokesman declined the Journal’s request for comment on whether Chinese companies were among that subset.

The spokesman went on to say that Microsoft saw “no indication” of a leak inside the company, but that if its internal investigation finds that any MAPP partner was involved in the hack, there would be consequences.

“If it turns out that a MAPP partner was the source of a leak, it would have consequences for violating the conditions for participation in the program,” he told the Journal.

Microsoft previously expelled Hangzhou DPTech Technologies, a China-based security software provider, from its MAPP program in 2012 after finding that the company had leaked proof-of-concept code that could be used in a potential cyberattack, violating its non-disclosure agreement.

The purpose of this massive breach is still unknown, but it could give hackers access to compromised systems for years to come. The rate of cyberattacks is doubling every few hours as hackers take advantage of these zero-day vulnerabilities to breach servers that have not yet been patched, according to the cybersecurity firm Check Point Research. On Friday, Microsoft disclosed that it had discovered “a new family of ransomware”, i.e. malicious software that hijacks a computer or network until the victim forks over a ransom, being used to target unpatched networks.

On the same day, the Biden administration stressed the severity of this historic hack and warned thousands of compromised organizations that they have “hours, not days” to update exposed servers, according to CNN. An official told the outlet that the US government is recruiting members of the private sector to help a multi-agency cybersecurity working group formed in response to the incident.
