

China-linked group exploiting Microsoft Exchange flaws


Microsoft said a China-linked cyber-espionage group has been remotely stealing e-mail mailboxes using newly discovered flaws in its Microsoft Exchange Server software, an example of how widely used software is exploited for online espionage.

Microsoft explained in a blog post that the campaign used four previously unknown vulnerabilities in several versions of Microsoft Exchange Server and was the work of a group it calls HAFNIUM, which it described as a state-sponsored actor operating out of China.

In a separate blog post, cybersecurity firm Volexity said that in January it observed attackers using one of the vulnerabilities to remotely steal the full contents of many users' mailboxes.

According to Volexity, the attackers needed only to know the details of the target's Exchange server and the account whose e-mail they wanted to extract.

Beijing routinely denies cyber espionage, despite a spate of allegations from the United States and others.

Before Microsoft's announcement, the increasingly aggressive activity had already begun to draw attention across the cybersecurity community.

Mike McLellan, director of intelligence at Dell's Secureworks, said before Microsoft's announcement: "I noticed a sudden rise in activity related to the Microsoft Exchange Server program overnight, with about 10 of the company's customers affected."

Microsoft's near-ubiquitous product range has been under scrutiny since the hack of SolarWinds, the software company whose compromised product was the starting point for many breaches of government and private networks.

In other cases, attackers have taken advantage of the way customers had configured their Microsoft services to compromise targets or move deeper into affected networks.

The hackers behind the SolarWinds campaign also broke into Microsoft itself, accessing and downloading source code, including elements of Microsoft Exchange Server.

McLellan said the hacking activity he had seen appeared to be focused on spreading malware and paving the way for a deeper intrusion rather than moving aggressively into networks immediately.

Microsoft said the targets included infectious-disease researchers, law firms, higher-education institutions, defense contractors, think tanks, and non-governmental organizations.