Microsoft Probes Clue That Hackers Cracked Taiwan Research

Ryan Gallagher and Kartikay Mehrotra
Date: 2021-03-13

(Bloomberg) -- Microsoft Corp. is investigating whether hackers who attacked its email system exploited the findings of Taiwanese researchers who were the first to alert the software company to the vulnerabilities, according to a person familiar with the investigation.

DEVCORE, a small firm based in Taipei City that specializes in discovering computer security flaws, in December said it found bugs affecting Microsoft’s widely used Exchange business email software. Then in late February, Microsoft notified DEVCORE that it was close to releasing security patches to fix the problem.

In the days after Microsoft disclosed its still-secret patch to DEVCORE, attackers escalated their malicious activity on networks using Exchange servers connected to the internet, according to researchers at Palo Alto Networks Inc.

Microsoft is exploring if intelligence it shared with partners may have somehow triggered the attack, Bloomberg News reported. The company has focused part of its investigation on understanding if DEVCORE may have been compromised, or in some way tipped off attackers that the patch was in the pipeline, valuable intelligence for hackers seeking to time their attack to maximize its impact, according to the person, who asked not to be identified because details of the probe haven’t been publicly released.

A Microsoft spokesperson confirmed the investigation, but didn’t comment on whether DEVCORE’s role is under scrutiny.

“We are looking at what might have caused the spike of malicious activity and have not yet drawn any conclusions,” said the spokesperson. “We have seen no indications of a leak from Microsoft related to this attack.”

Bowen Hsu, senior project manager at DEVCORE, said in an email that the company “immediately launched an internal investigation and did not find any concern so far.” He declined to elaborate on the scope of the review.

Some of the flaws have since been exploited by suspected Chinese state-sponsored hackers and other unknown cyber-espionage groups, who have breached more than 60,000 servers worldwide in one of the largest and most damaging hacks in recent memory. In some cases, victims who still haven’t installed the Microsoft patch have been targeted with ransomware.

According to DEVCORE, its researchers discovered two security flaws in Exchange servers from Dec. 10 to Dec. 30, and used them to create a proof-of-concept “exploit” that could be deployed to break into the servers and secretly access emails. The company disclosed its discovery to Microsoft on Jan. 5, and Microsoft began working on a patch to fix the problem.

But on Jan. 3 -- two days before the disclosure to Microsoft -- hackers began using one of the same security flaws discovered by DEVCORE to gain access to Exchange servers and steal emails, according to researchers at the Virginia-based cybersecurity firm Volexity.

In late February, Microsoft notified DEVCORE that it was nearly ready to release the security patches. The same day, there was an increase in hacker activity, according to security researchers at Palo Alto Networks Inc. The Palo Alto Networks researchers reviewed code of the malware the hackers were using to breach the Microsoft Exchange servers and made a curious discovery. Some strains of the malware contained the password, “orange.”

The researcher at DEVCORE who first found the security flaws in the Exchange servers goes by the name Orange Tsai. On Twitter, Tsai pointed out that the exploit used during the February attacks “looks the same” as the one he created as a proof of concept and that DEVCORE reported to Microsoft. He said he had hard-coded the password “orange” into the malware.

The discoveries by Palo Alto Networks and Volexity alarmed researchers at DEVCORE, because the findings indicate that DEVCORE’s research had been surreptitiously obtained by the hackers, according to a person familiar with the matter.

Matthieu Faou, a malware researcher at European cybersecurity company ESET, said the hackers may have independently found the same vulnerabilities in Microsoft Exchange. The other most likely scenario, he added, was that the hackers “somehow obtained the information from DEVCORE or from a Microsoft partner.”


©2021 Bloomberg L.P.
