
Microsoft is checking whether hackers who attacked its email system exploited the findings of Taiwanese researchers who were the first to alert the software company to the vulnerabilities.
DEVCORE, a small firm based in Taipei City that specializes in discovering computer security flaws, said in December that it found bugs affecting Microsoft’s widely used Exchange business email software. Then in late February, Microsoft notified DEVCORE that it was close to releasing security patches to fix the problem. In the days after Microsoft disclosed its still-secret patch to DEVCORE, attackers escalated their malicious activity on networks using Exchange servers connected to the internet, according to researchers at Palo Alto Networks Inc.
Microsoft is exploring whether intelligence it shared with partners may have somehow triggered the attack, Bloomberg News reported. The company has focused part of its investigation on understanding whether DEVCORE may have been compromised, or in some way tipped off attackers that the patch was in the pipeline. That would be valuable intelligence for hackers seeking to time their attack to maximize its impact, according to a person who asked not to be identified because details of the probe haven’t been publicly released.
Bowen Hsu, Senior Project Manager at DEVCORE, said in an email that the company has found no signs that its security was breached. Hsu said, “DEVCORE immediately launched an internal investigation on March 3rd to verify whether the team has been hacked or any information has been leaked from our end. We had a thorough investigation among all the personal computers/devices owned by our employees, as well as our internal infrastructure and systems; there was no sign that any of those devices and our systems have been hacked. Also, we have investigated our internal system and found no unusual login attempts or file access.”
Some of the flaws have since been exploited by suspected Chinese state-sponsored hackers and other unknown cyber-espionage groups, who have breached more than 60,000 servers worldwide in one of the largest and most damaging hacks in recent memory. In some cases, victims who still haven’t installed the Microsoft patch have been targeted with ransomware.