Microsoft investigates whether it played a role in a suspected Chinese hack

Microsoft Corp. is investigating whether a worldwide cyberattack on tens of thousands of its corporate customers could be linked to information leaks by the company or its partners, according to people familiar with the matter.

The investigation centers in part on the question of how a stealthy attack that began in early January gathered steam in the week before the company was able to send a software fix to customers. In that time, a handful of China-linked hacking groups acquired the tools that allowed them to launch widespread cyberattacks that have now compromised computers around the world running Microsoft's Exchange email software.

Some of the tools used in the second wave of the attack, which is believed to have begun on Feb. 28, are similar to “proof-of-concept” attack code that Microsoft released to antivirus companies and security partners on Feb. 23, investigators at security companies say. Microsoft had planned to release its security fixes two weeks later, on March 9, but after the second wave began it released the patches a week early, on March 2, according to researchers.

One focus of the investigation is an information-sharing program called the Microsoft Active Protections Program, which was created in 2008 to give security companies a head start in detecting emerging threats. Mapp comprises approximately 80 security companies worldwide, approximately 10 of which are based in China. Microsoft sent a message to a subset of Mapp partners on Feb. 23 that included the proof-of-concept code, according to sources familiar with the program. A Microsoft spokesman declined to say whether any Chinese companies were included in this message.

How the hackers acquired the tools is important to Microsoft and others who are scrambling to assess the damage of the historically large cyberattack, which has allowed other hacking groups to exploit the vulnerabilities for their own purposes. Microsoft said this week that it had seen ransomware, or malicious software that locks victims' computers until they pay the hackers, using the vulnerabilities to target networks that have not yet been patched. Because many of the targeted organizations are small businesses, schools and local governments, security experts said they could be particularly vulnerable to attacks.

Senior Biden administration officials have described the problem in dire terms over the past week, urging organizations to patch their systems immediately. Federal systems are not currently known to be compromised, although officials are still investigating the possibility that organizations were exposed. President Biden was briefed about the hack, and the administration has created an inter-agency cybersecurity coordination group focused on the hack, a spokesman for the National Security Council said.

Microsoft said there would be consequences if the Mapp partnership was abused. “In the event that Mapp’s partner is the victim of a leak, they would be in breach of the programme’s terms of participation,” a Microsoft spokesperson said by email.

In 2012, Microsoft removed a Chinese company, Hangzhou DPTech Technologies Co., Ltd., from Mapp after it was confirmed that the company had released proof-of-concept code that could be used in an attack and that the code had been revealed on a Chinese website.

Write to Robert McMillan at [email protected] and Dustin Volz at [email protected]

Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.