Microsoft investigates security groups for hacker leaks
Microsoft is investigating whether the security companies it works with have disclosed details of vulnerabilities in its software, helping hackers spread a massive cyberattack late last month, according to people with knowledge of the investigation.
Microsoft initially blamed Hafnium, a state-backed Chinese hacking group, for the first wave of attacks in January.
As the company prepared to announce the hack and provide fixes, the attacks – which targeted “specific individuals” in US think tanks and non-governmental organizations – suddenly escalated and became more indiscriminate.
Several other Chinese hacker groups began launching attacks as part of a second wave in late February, researchers said.
“We are examining what could have caused the spike in malicious activity and have yet to draw any conclusions,” Microsoft said, adding that it had seen “no indication” that the information had been leaked from inside the company.
People familiar with the investigation said Microsoft had investigated whether the 80 or so cyber companies that it had notified in advance of threats and fixes could have passed information to hackers. Members of the so-called Microsoft Active Protections Program (MAPP) include Chinese companies such as Baidu and Alibaba.
“If it were found that a MAPP partner was the source of a leak, they would face consequences if the terms of participation in the program were breached,” Microsoft said.
The investigation, first reported by Bloomberg, comes as ransomware criminal gangs have stepped up efforts to attack companies that have yet to update their systems with Microsoft patches. Government officials around the world are still assessing the damage done by hackers.
Jake Sullivan, the White House’s national security adviser, said the United States was mobilizing a response but “still trying to determine the scope and scale” of the attack. He added that it was “certainly true that the malicious actors are still in some of these Microsoft Exchange systems.”
Although Sullivan did not confirm Microsoft’s claim that China was responsible for most of the attacks, he said Washington intends to provide an attribution “in the near future.”
“We won’t hide the ball on this,” he said. More than 30,000 American companies were hit, “including a significant number of small businesses, cities and local governments,” according to cybersecurity researcher Brian Krebs.
There are 7,000 to 8,000 Microsoft Exchange servers in the UK deemed potentially vulnerable as a result of the hack and around half have already been patched, UK security officials said on Friday.
Paul Chichester, director of operations at the UK’s National Cyber Security Center, a branch of GCHQ, said it was “vital” that all organizations take “immediate action” to protect their networks.
A senior US administration official said the attackers appeared sophisticated and capable, but said “they have taken advantage of the weaknesses of this software since its inception.”
Additional reporting by Demetri Sevastopulo in Washington