Microsoft reveals Chinese hack targeting Microsoft Exchange

Posted in General Discussion, edited March 3
Microsoft has disclosed evidence that "Hafnium," a new Chinese hacking group, has been targeting US servers running Microsoft's email system.

Microsoft Office for Mac. Credit: Apple


Following the 2020 US Treasury Department hack which involved compromised Microsoft Office accounts, Microsoft has now disclosed a separate attack on its systems. Organized by a group Microsoft has codenamed "Hafnium," it's described as a "highly skilled and sophisticated" attack.

"Today, we're sharing information about a state-sponsored threat actor identified by the Microsoft Threat Intelligence Center (MSTIC) that we are calling Hafnium," said Microsoft in a blog announcement. "Hafnium operates from China, and this is the first time we're discussing its activity. It is a highly skilled and sophisticated actor."

Hafnium -- unrelated to the material used in Intel processors -- is based in China. However, "it conducts its operations primarily from leased virtual private servers (VPS) in the United States."

"Recently, Hafnium has engaged in a number of attacks using previously unknown exploits targeting on-premises Exchange Server software," continues Microsoft. "First, it would gain access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access."

"Second, it would create what's called a web shell to control the compromised server remotely," says the announcement. "Third, it would use that remote access - run from the U.S.-based private servers - to steal data from an organization's network."

Microsoft says that it has "worked quickly to deploy an update" to address the "Hafnium exploits." However, it also says that the attack technique targeted only business customers.

"We strongly encourage all Exchange Server customers to apply these updates immediately," it says. "Exchange Server is primarily used by business customers, and we have no evidence that Hafnium's activities targeted individual consumers or that these exploits impact other Microsoft products."

Microsoft also reports that it has briefed "appropriate US government agencies on this activity."

According to the company, this is the eighth time in a year that it has uncovered and disclosed "nation-state groups targeting institutions critical to civil society." While all of these were concerned with corporations instead of individuals, there have previously been vulnerabilities in Microsoft Office that affected Mac users.

Comments

  • Reply 1 of 6
    Meanwhile, we are fighting about the oil-stans. China is the real threat enemy state. Not sure why peaceful co-existence is not possible. 
    But we MUST have cheap TVs!
    edited for clarity?
    edited March 3
  • Reply 2 of 6
    6502 Posts: 363 member
    "They’re not bad folks, folks … They’re not competition for us." - J. Biden.
  • Reply 3 of 6
    docbburk Posts: 28 member
    Enough is enough!  
  • Reply 4 of 6
    tokyojimu Posts: 474 member
    The NSA is probably doing the same against China. But China doesn’t disclose when they’ve been hacked. 
  • Reply 5 of 6
    hexclock Posts: 891 member
    tokyojimu said:
    The NSA is probably doing the same against China. But China doesn’t disclose when they’ve been hacked. 
    They have no technology we need to steal. 
  • Reply 6 of 6
    hexclock said:
    tokyojimu said:
    The NSA is probably doing the same against China. But China doesn’t disclose when they’ve been hacked. 
    They have no technology we need to steal. 
    It's not only technology that hackers seek.  Information that can be used to disrupt business and government operations is probably at least as valuable, and sought after, as technology.