
Microsoft Kept Secret That Its Bug-Tracking Database Was Hacked In 2013

It was not only Yahoo among "Fortune 500" companies that tried to keep a major data breach incident secret.

Reportedly, Microsoft had also suffered a data breach four and a half years ago (in 2013), when a "highly sophisticated hacking group" breached its bug-reporting and patch-tracking database, but the hack was never made public until today.

According to five former employees of the company, interviewed separately by Reuters, the breached database had been "poorly protected with access possible via little more than a password."

This incident is believed to be the second known breach of such a corporate database after a critical zero-day vulnerability was discovered in Mozilla's Bugzilla bug-tracking software in 2014.

As its name suggests, the bug-reporting and patch-tracking database for Windows contained information on critical and unpatched vulnerabilities in some of the most widely used software in the world, including Microsoft's own Windows operating system.

The hack was believed to be carried out by a highly skilled corporate espionage hacking group known by various names, including Morpho, Butterfly and Wild Neutron, who exploited a Java zero-day vulnerability to hack into Apple Mac computers of the Microsoft employees, "and then move to company networks."

With such a database in hand, the so-called highly sophisticated hacking group could have developed zero-day exploits and other hacking tools to target systems worldwide.

There's no better example than the WannaCry ransomware attack to explain what a single zero-day vulnerability can do.

"Bad guys with inside access to that information would literally have a 'skeleton key' for hundreds of millions of computers around the world," said Eric Rosenbach, who was American deputy assistant secretary of defense for cyber at the time of the breach.

When Microsoft discovered the compromised database in early 2013, an alarm spread inside the company.

Following concerns that hackers were using stolen vulnerabilities to conduct new attacks, the tech giant conducted a study to compare the timing of breaches with when the bugs had entered the database and when they were patched.

Although the study found that the flaws in the stolen database were used in cyber attacks, Microsoft argued the hackers could have obtained the information elsewhere, and that there's "no evidence that the stolen information had been used in those breaches."

Former employees also confirmed that the tech giant tightened up its security after the 2013 hacking incident and added multiple authentication layers to protect its bug-reporting system.

However, three of the employees believe the study conducted by Microsoft did not rule out stolen vulnerabilities being used in future cyber attacks, and that the tech giant did not conduct a thorough investigation into the incident either.

On being contacted, Microsoft declined to speak about the incident, beyond saying: "Our security teams actively monitor cyber threats to help us prioritise and take appropriate action to keep customers protected."