
Microsoft says Chinese hackers targeted groups via server software

Microsoft said the hacking campaign made use of four previously undetected vulnerabilities in different versions of the software and was the work of a group it dubs HAFNIUM


A China-linked cyber-espionage group has been remotely plundering e-mail inboxes using freshly discovered flaws in Microsoft mail server software, the company and outside researchers said on Tuesday — an example of how commonly used programs can be exploited to cast a wide net online.

In a blog post, Microsoft said the hacking campaign made use of four previously undetected vulnerabilities in different versions of the software and was the work of a group it dubs HAFNIUM, which it described as a state-sponsored entity operating out of China.

In a separate blog post, cybersecurity firm Volexity said that in January it had seen the hackers use one of the vulnerabilities to remotely steal “the full contents of several user mailboxes.” All they needed to know were the details of the Exchange server and of the account whose e-mails they wanted to pillage, Volexity said.

The Chinese Embassy in Washington did not immediately return messages seeking comment. Beijing routinely denies carrying out cyber-espionage despite numerous allegations from the US and others.

Ahead of the Microsoft announcement, the hackers' increasingly aggressive moves began to attract attention across the cybersecurity community.

Mike McLellan, director of intelligence for Dell Technologies Inc's Secureworks, said he had noticed a sudden spike in activity touching Exchange servers overnight on Sunday, with around 10 customers affected at his firm.

Microsoft's near-ubiquitous suite of products has been under scrutiny since the hack of SolarWinds, the Texas-based software firm that served as a springboard for several intrusions across government and the private sector. In other cases, hackers took advantage of the way customers set up their Microsoft services to compromise their targets or dive further into affected networks.

Hackers who went after SolarWinds also breached Microsoft itself, accessing and downloading source code — including elements of Exchange, the company's e-mail and calendaring product.

McLellan said the hacking activity he had seen appeared focused on seeding malicious software and setting the stage for a potentially deeper intrusion rather than aggressively moving into networks right away.

“We haven't seen any follow-on activity yet,” he said. “We're going to find a lot of companies affected but a smaller number of companies actually exploited.”

Microsoft said targets included infectious disease researchers, law firms, higher education institutions, defence contractors, policy think-tanks and non-governmental groups. 
