Microsoft is investigating whether security companies it works with leaked details of vulnerabilities in its software, helping hackers spread a massive cyber attack late last month, people familiar with the investigation say.
Microsoft originally blamed Hafnium, a state-backed Chinese hacker group, for the first series of attacks in January.
Just as the company was preparing to announce the hack and provide fixes, the attacks – which had been targeting “certain individuals” at U.S. think tanks and NGOs – suddenly escalated and became indiscriminate.
Several other Chinese hacker groups launched attacks as part of the second wave in late February, according to researchers.
“We are looking at what could have caused the rise in malicious activity and we have not yet reached conclusions,” Microsoft said, adding that it saw “no indication” that information had leaked from the company.
Experts in the investigation said that Microsoft was examining whether any of the roughly 80 cyber companies that are informed in advance about threats and patches could have passed information to hackers. Members of the so-called Microsoft Active Protections Program (MAPP) include Chinese companies such as Baidu and Alibaba.
“If the MAPP partner turns out to be a source of leakage, we would face consequences for violating the terms of participation in the program,” Microsoft said.
The investigation, first reported by Bloomberg, comes as criminal ransomware gangs escalate efforts to attack companies that have not yet updated their systems with Microsoft patches. Government officials around the world are still assessing the damage caused by hackers.
Jake Sullivan, a White House national security adviser, said the U.S. was mobilizing a response but was “still trying to determine the extent and scale” of the attack. He added that “it is certain that malicious actors are still in some of these Microsoft Exchange systems”.
Although Sullivan did not confirm Microsoft’s claim that China was responsible for most of the attacks, he said Washington intended to make an attribution “in the near future.”
“We’re not going to hide the ball because of that,” he said.
More than 30,000 American companies are affected, “including a significant number of small businesses, cities and local governments,” according to cybersecurity researcher Brian Krebs.
British security officials said on Friday that there are 7,000 to 8,000 Microsoft Exchange servers in the UK that are considered potentially vulnerable as a result of the hack, and about half have already been patched.
Paul Chichester, director of operations at Britain’s National Cyber Security Center, a branch of GCHQ, said it was “vital” that all organizations take “immediate steps” to protect their networks.
A senior U.S. administration official said the attackers looked sophisticated and capable, but said “they took advantage of the weaknesses that had been in that software since its creation.”
Additional reporting by Demetrius Sevastopol in Washington