Microsoft investigates security groups for leaks to hackers

Microsoft is investigating whether security companies it works with leaked details about vulnerabilities in its software, which helped hackers spread a major cyber attack late last month, according to people briefed on the investigation.

Microsoft originally blamed Hafnium, a Chinese state-sponsored hacking group, for the first attack in January.

Just as the company was preparing to announce the hack and release fixes, the attacks – aimed at “specific individuals” at American think tanks and non-governmental organizations – suddenly increased and became more indiscriminate.

Several other Chinese hacking groups, according to researchers, began attacks in late February as part of a second wave.

“We are looking at what could have caused the increase in malicious activity and have not yet drawn any conclusions,” Microsoft said, adding that there were no indications that the information had leaked from the company.

People familiar with the investigation said Microsoft was looking into whether any of the 80 or so cyber security companies that were aware of threats and bugs had passed information to hackers. Members of the Microsoft Active Protections Program (MAPP) include Chinese companies such as Baidu and Alibaba.

“If it turns out that a MAPP partner was the source of a leak, they would have consequences if they violated the terms of participation in the program,” Microsoft said.

The investigation, first reported by Bloomberg, comes as criminal gangs have stepped up efforts to attack businesses that have not yet updated their systems with Microsoft patches. Government officials worldwide are still assessing the damage done by the hackers.

White House National Security Adviser Jake Sullivan said the US was mobilizing a response but was “still trying to determine the scope and scale” of the attack. He added that “it is certainly the case that the malicious actors are still in some of these Microsoft Exchange systems”.

Although Sullivan did not confirm Microsoft’s claim that China is responsible for most of the attacks, he did say that Washington intends to provide attribution “in the near future”.

“We will not hide the ball on it,” he said. More than 30,000 U.S. companies have been affected, including a significant number of small businesses, towns, cities and local governments, according to cybersecurity researcher Brian Krebs.

There are 7,000 to 8,000 Microsoft Exchange servers in the UK that are considered potentially vulnerable as a result of the hack, and half have already been patched, British security officials said on Friday.

Paul Chichester, director of operations at the UK’s National Cyber Security Center, a branch of GCHQ, said it was “essential” that all organizations take “immediate steps” to protect their networks.

A senior U.S. government official said the attackers appeared to be sophisticated and capable, but said, “they took advantage of the weaknesses that were in the software.”

Additional reporting by Demetri Sevastopulo in Washington
