Unpatched Flaws Possibly Stolen From Microsoft in 2013 Hack: Report

Hackers may have stolen information on unpatched vulnerabilities after breaching Microsoft’s systems and gaining access to a bug tracker back in 2013, Reuters reported on Monday.

At the time of the breach, Microsoft informed customers that it had been targeted in an attack similar to the ones aimed at Facebook and Apple.

“During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing,” Microsoft said at the time.

Reuters learned from five former Microsoft employees that the attackers also breached a database that stored information on unpatched flaws affecting Windows and other products. The database had been protected only with a password.

While Microsoft fixed all the vulnerabilities within months of the intrusion and found no evidence of the flaws being exploited in other attacks, it’s still possible that the malicious actor created exploits that it used in other campaigns.

The former employees said Microsoft analyzed breaches suffered by other organizations at the time, but found no clear evidence that the stolen vulnerability information had been abused.

However, three of the former employees claim the study had too little data and noted that Microsoft relied on automated reports generated by software crashes to find exploits. Experts argued that sophisticated attacks may not have generated crashes that would tip off Microsoft. In fact, the company did observe attacks exploiting the vulnerabilities, but concluded that they could have been obtained elsewhere.

“In February 2013, we commented on the discovery of malware, similar to that found by other companies at the time, on a small number of computers including some in our Mac business unit. Our investigation found no evidence of information being stolen and used in subsequent attacks,” a Microsoft spokesperson told SecurityWeek.

The hacker group that targeted Microsoft, Apple, Twitter and Facebook back in 2013 is known as Butterfly, Morpho and Wild Neutron. The threat actor, described as a financially motivated espionage group, is believed to have been active since at least 2011.

The hackers leveraged watering holes, Java zero-day exploits, and Windows and Mac backdoors to target the tech giants. The attackers went silent for nearly a year after these campaigns and reemerged in late 2013, when they started targeting organizations in the legal, real estate, investment, IT and healthcare sectors around the world. They also launched attacks on individual users and Bitcoin companies.

Microsoft is not the only company whose bug-tracking database has been breached. Back in 2015, Mozilla informed users that an attacker breached its Bugzilla bug tracker using stolen credentials and accessed information on 185 non-public vulnerabilities affecting Firefox and other products.

*Updated with statement from Microsoft

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
