Microsoft is investigating whether the hackers behind a now worldwide cyberattack gained access to sensitive information from private disclosures the company made to its security partners. That information was allegedly used to launch the attack, according to a few sources reportedly familiar with the matter.
Was the Microsoft Exchange hack an inside job?
The investigation reportedly centers on how a stealthy attack that started in early January was able to happen just a week before the company sent a software fix to its customers. During that time, a number of China-linked hacking groups were reportedly able to obtain the tools needed to launch an array of cyberattacks that could have infected computers worldwide running the Microsoft Exchange email software.
According to an article by The Wall Street Journal on Friday, March 12, investigators are now focused on whether a Microsoft partner, with which the company had shared certain information about the bug the hackers were exploiting, leaked it directly to other groups, and whether any leak was done on purpose. A number of the tools used in the second attack wave on Feb. 28 were found to bear similarities to "proof of concept" attack code that the company had distributed to antivirus companies and other security partners on Feb. 23.
The situation gets even more curious because Microsoft had planned another set of security fixes two weeks later, scheduled for March 9. After the second wave started, however, it pushed the patches out a week earlier, on March 2, according to researchers. Microsoft and a few others have reportedly been reviewing an information-sharing program called MAPP, or the Microsoft Active Protections Program. It was created in 2008 to give security companies a head start in detecting emerging threats.
MAPP proof of concept code
MAPP includes about 80 security companies from around the world. Around 10 of them are reportedly based in China. A subset of MAPP partners was reportedly sent the Feb. 23 notification, which included the "proof-of-concept code," according to sources familiar with the program. This was also reported by SiliconANGLE. A Microsoft spokesperson reportedly declined to say whether any Chinese companies were included in this particular release.
How the hackers obtained these tools is also very important to Microsoft and the others scrambling to assess the damage of this historically large cyberattack.
This has allowed other hacking groups to capitalize on the vulnerabilities for their own ends. Microsoft said it had spotted ransomware on unpatched servers, locking users out of their computers until they agreed to pay the hackers. The good news for those who have patched their Microsoft Exchange servers is that, as of the moment, there have been no reports of hackers gaining access to users once they have patched.
This article is owned by Tech Times
Written by Urian Buenconsejo