Microsoft has revealed that a China-linked cyberespionage group has been remotely plundering email inboxes using freshly discovered flaws in Microsoft mail server software, Reuters reported.
Microsoft in a blog post said the hacking campaign used four previously undetected vulnerabilities in different versions of the software and was the work of HAFNIUM group, which it described as a state-sponsored entity operating out of China.
Cybersecurity firm Volexity in a separate blog post said that in January it had seen the hackers use one of the vulnerabilities to remotely steal “the full contents of several user mailboxes.” All the attackers needed were the details of the Exchange server and of the account whose emails they wanted to pillage, Volexity said.
The Chinese Embassy in Washington did not immediately return messages seeking comment. Beijing routinely denies carrying out cyberespionage despite a drumbeat of allegations from the United States and others.
Ahead of the Microsoft announcement, the hackers’ increasingly aggressive moves began to attract attention from across the cybersecurity community.
Mike McLellan, director of intelligence for Dell Technologies’ Secureworks, said ahead of the Microsoft announcement that he had noticed a sudden spike in activity touching Exchange servers overnight on Sunday, with around 10 customers affected at his firm.
Microsoft’s suite of products has been under scrutiny since the hack of SolarWinds, the Texas-based software firm that served as a springboard for several intrusions across government and the private sector. In other cases, hackers took advantage of the way customers had set up their Microsoft services to compromise their targets or dive further into affected networks.
Hackers who went after SolarWinds also breached Microsoft itself, accessing and downloading source code – including elements of Exchange, the company’s email and calendaring product.
McLellan said that for now, the hacking activity he had seen appeared focused on seeding malicious software and setting the stage for a potentially deeper intrusion rather than aggressively moving into networks right away.
Microsoft said targets included infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and non-governmental groups.