SECURITY
SECURITY
SECURITY
Report: Microsoft looking into whether leaked data was used in Exchange hacks
Microsoft Corp. is looking into the possibility that the recent cyberattacks against Exchange Server email servers employed data leaked from its systems or those of its partners, the Wall Street Journal reported today.
Exchange Server is a Microsoft-developed email and calendar platform popular in enterprises. At the beginning of March, the company revealed that hackers have been using previously unknown “zero-day” flaws in the platform to launch cyberattacks against customers. Tom Burt, Microsoft’s corporate vice president for customer security and trust, attributed the cyberattacks to a China-based hacking group the company is calling Hafnium.
The key context behind Microsoft’s reported leak investigation is the timing of the hacking campaign. According to the Journal’s sources, the attacks began in early January and widened in late February just as Microsoft was preparing to release software fixes for the Exchange vulnerabilities.
The second series of attacks is believed to have begun around Feb. 28. According to today’s report, multiple security firms have determined that the campaign employed hacking tools similar to proof-of-concept attack code Microsoft sent out to partners the week before to help them address the threat. The company released patches for the vulnerabilities a few days later, on March 2.
It appears Microsoft is seeking to determine whether the code shared with partners may have found its way to the hackers. As part of its investigation, the company is said to be looking into the Microsoft Active Protections Program through which it shares information on vulnerabilities with firms such as antivirus providers. A notification sent out to some of the participants in the program on Feb. 23 reportedly included the proof-of-concept attack code.
The Exchange Server vulnerabilities were found in versions of the platform dating back to the 2010 edition. They allow hackers to gain access to a company’s Exchange Server installation and set up a malicious program known as a web shell in the compromised deployment that they can be used to steal emails remotely.
A separate Wall Street Journal report last week stated that it’s believed as many as 250,000 or more Microsoft customers may have been targeted. Researchers have determined that at least 10 hacking groups are now exploiting the vulnerabilities to launch hacking campaigns, including ransomware attacks.
Photo: efes/Pixabay
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
