Hackers may have gotten their hands on inside intel that Microsoft shared with its security partners to exploit vulnerabilities in the company’s widely used email and calendaring software Exchange, according to a Friday Wall Street Journal report.
Several different hacker groups have descended on Exchange in a series of branching cyberattacks that compromised at least 30,000 U.S. organizations. State-sponsored hackers from China reportedly exploited several zero-day vulnerabilities in Microsoft’s software, which other cyberattackers later took advantage of as well, to gain entry into Exchange servers and plant malicious code in order to steal large troves of email data from American businesses and local governments.
The first wave of attacks began in January and picked up steam in the week before Microsoft planned to roll out a software fix to customers, the Journal reports. Tools used in the second wave, which is believed to have begun on Feb. 28, bore several similarities to “proof of concept” attack code that Microsoft distributed to antivirus companies and other security partners just a few days earlier, people familiar with the investigation told the outlet. While Microsoft initially planned to push out a software fix on March 9, it ended up releasing the patch early, on March 2, in response to the second wave of attacks.
Microsoft uses an information-sharing network, the Microsoft Active Protections Program or MAPP, to push out alerts about its products to its security partners so they can identify emerging threats. MAPP includes 80 security companies worldwide, including about 10 based in China. A subset of these organizations received the proof-of-concept code that could be used to attack Microsoft’s systems in a notification that contained technical details regarding unpatched flaws in Exchange, per the Journal. A Microsoft spokesperson declined the Journal’s request for comment on whether any Chinese companies were included in this subset.
The spokesperson went on to say that Microsoft has seen “no indications” of a leak from inside the company, but if its internal investigation finds that any MAPP…