Microsoft probing if Exchange attack is inside job, Feds shoring up security

Credit: Microsoft

The technology giant is specifically launching a probe examining whether "sensitive information" was leaked through private disclosures that Microsoft made with some of its security partners, The Wall Street Journal reported Monday.

More specifically, the company is investigating whether proof-of-concept code that sent privately by Microsoft to members of its Microsoft Active Protections Program (MAPP) was leaked, either intentionally or accidentally. There are about 80 organizations that participate in MAPP.

Earlier in March, Microsoft issued emergency patches for four zero-day vulnerabilities in Exchange email servers that were being actively exploited.

Microsoft identified issues in January, and shared proof-of-concept attack code with at least some MAPP partners on Feb. 23, before the patches were released. The probe indicates that some of the tools used in the Exchange attacks have "similarities" to the private code.

The Exchange attacks targeted at least 30,000 organizations in the U.S., including many prominent businesses. The initial wave of attacks were carried out by a Chinese hacker group named Hafnium, but the vulnerabilities are now also being leveraged by other criminal organizations.

On March 11, a security researcher briefly published proof-of-concept code exploiting the vulnerabilities to Microsoft-owned GitHub. That code was quickly taken down. Just a day after that, security researchers and federal agencies began warning that the vulnerabilities were being used to deliver ransomware on compromised machines.

In the wake of the Microsoft Exchange campaign and the SolarWinds attack in late 2020, the government is taking action. On March 12, The White House released a transcript of a briefing between press members and a senior administration official outlining its plans to respond to the cybersecurity incidents.

The senior official says the Biden Administration wants to prioritize security in the way that U.S. companies build and buy software. The centerpiece of its cybersecurity response will reportedly focus on closer collaboration with the private sector.

"Today, the cost of insecure technology is borne at the end: by incidence response and cleanup. And we really believe it will cost us a lot less if we build it right at the outset," the official said.

Additionally, the official added that the government is currently in week three of a four-week remediation in response to the Exchange and SolarWinds attacks.

"The compromised agencies all were tasked to do a particular set of activities and then were tasked to have an independent review of their work to ensure that we felt confident the adversary had been eradicated," the official said. "Most of the agencies have completed that independent review. For those who have not yet, they will complete it by the end of March."

Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.