WSJ Says Microsoft Partners May Be Involved in Cyberattack on Exchange Servers
According to The Wall Street Journal's sources, Microsoft partners may be involved in a cyberattack exploiting the ProxyLogon vulnerability. They could have provided the alleged hackers with data needed to carry out a cyberattack using a vulnerability in Exchange Server.
Microsoft experts are investigating a possible leak of classified information that was shared through the Microsoft Active Protections Program (MAPP) with partner companies providing cybersecurity services. This was reported by The Wall Street Journal, citing sources. Reportedly, about 80 firms around the world are members of MAPP. It is noted that ten of them are based in China. WSJ sources do not exclude that one of the Chinese partner companies could have secretly provided the alleged hackers with information about innovations in the corporation’s software, which was then used for the attack.
Let me remind you that we wrote that FireEye CEO Blames Chinese Hackers for Indiscriminate Cyberattacks on Microsoft Exchange.
The key context for Microsoft's reported leak investigation is the timing of the hacking campaign. According to WSJ sources, the attacks began in early January and escalated in late February as Microsoft prepared to release software patches for Exchange vulnerabilities.
The second series of attacks is believed to have started around February 28th. Several security firms determined that the campaign used hacking tools similar to the attack verification code that Microsoft had sent to partners the week before.
“It appears Microsoft is seeking to determine whether the code shared with partners may have found its way to the hackers. As part of its investigation, the company is said to be looking into the Microsoft Active Protections Program through which it shares information on vulnerabilities with firms such as antivirus providers,” The Wall Street Journal reported.
This version is supported by the fact that the cyberattack, which took place on February 28, exploited Exchange Server vulnerabilities that were fixed in an update that became available to MAPP participants on February 23, while other clients only got access to it on March 2.
A Microsoft spokesman declined to comment.
Earlier, Microsoft found out that a group of Chinese hackers tried to steal information from American companies using weaknesses in the protection of Microsoft Exchange Server. It was not specified which companies and structures suffered from the actions of hackers.
We also reported that Chinese hackers took part in attacks on SolarWinds clients.