Microsoft Investigates If Leak Led to Exchange Hack: Report

Photo: Jeenah Moon (Getty Images)

Hackers may have acquired internal information that Microsoft shared with its security partners to exploit vulnerabilities in the company’s widely used email and calendar software, Exchange, according to a Wall Street Journal report published Friday.

Multiple hacker groups have descended on Exchange in a series of branching cyber attacks that have compromised at least 30,000 American organizations. State-sponsored hackers from China have reportedly exploited several zero-day vulnerabilities in Microsoft’s software, which other attackers later used as well, to access Exchange servers and install malicious code to steal massive amounts of email data from US companies and local governments.

The first wave of attacks started in January and picked up the week before Microsoft planned to roll out a software fix to customers, the Journal reports. Tools used in the second wave, believed to have started on Feb. 28, showed several similarities to ‘proof of concept’ attack code that Microsoft had distributed to antivirus companies and other security partners a few days earlier, people familiar with the inquiry told the outlet. Although Microsoft initially planned to release a software fix on March 9, it eventually released the patch on March 2 in response to the second wave of attacks.

Microsoft uses an information-sharing network, Microsoft Active Protections Program or MAPP, to send alerts about its product to its security partners so that they can identify new threats. MAPP includes 80 security companies around the world, including about 10 in China. Some of these organizations received the proof-of-concept code that could be used to attack Microsoft’s systems in a report that contained technical details about unpatched errors in Exchange, according to the Journal. A Microsoft spokesperson turned down the Journal’s request for comment on whether Chinese companies were included in this subset.

The spokesperson went on to say that Microsoft has seen “no evidence” of a leak from within the company, but if an internal investigation shows that MAPP partners are involved in the hack, it would have consequences.

“If it turns out that a MAPP partner was the source of a leak, they would be affected if they violated the terms of entry into the program,” he told the Journal.

Microsoft previously kicked Hangzhou DPTech Technologies, a security software provider in China, out of its MAPP program in 2012 after determining that the company had leaked proof-of-concept code that could be used in a potential cyber attack, in violation of its nondisclosure agreement.

The extent of this massive breach is still being discovered, but it could potentially give hackers access to compromised systems for years to come. Cyber attacks are reportedly doubling every few hours as hackers take advantage of these zero-day vulnerabilities to breach servers that have not yet been patched, the cybersecurity firm Check Point Research said. On Friday, Microsoft announced that it had discovered “a new family of ransomware,” malicious software that hijacks a computer or network until the victim pays a ransom, being used to target unpatched networks.

That same day, the Biden administration underscored the seriousness of this historic hack and warned the thousands of compromised organizations that they have “hours, not days” to update exposed servers, per CNN. An official told the outlet that the US government is hiring private sector members to assist in a multi-agency cybersecurity task force formed in response to the incident.
