Microsoft Email Software Breached

Uploaded on 2021-03-09 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-China, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Microsoft  has accused a Chinese cyber-espionage group of responsibity for attacks on its corporate email server software. The hackers, named by Microsoft as Hafnium, a state-backed group who are "A highly skilled and sophisticated actor" has claimed at least 60,000 known victims. Many of them appear to be small or medium-sized businesses caught in a wide net. 

Microsoft said the hackers had made use of several vulnerabilities in different versions of Exchange software which allows the hackers to remotely access email inboxes.

Microsoft has released security upgrades to fix the vulnerabilities to its Exchange email server software, which is used for work email and calendar services, mostly for larger organisations that have their own in-person email servers. It doesn't affect personal email accounts or Microsoft's cloud-based services. Microsoft's Threat Intelligence Centre has attributed the attacks with "high confidence" to Hafnium, a group assessed to be state-sponsored and operating out of China. It based its conclusion on "observed victimology, tactics and procedures". 

Hafnium targets infectious disease researchers, law firms, higher education institutions and defence contractors.

Hafnium was able to trick Exchange servers into allowing it to gain access. The hackers then masqueraded as someone who should have access and created a way to control the server remotely so that they could steal data from an organisation's network. Threat analysts think that Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs.

Microsoft said Hafnium is based in China, but it conducts its operations often from leased virtual private servers in the US. There are suspicions that Hafnium has also been interacting with users of Microsoft's Office 365 software.

The company has released software updates aimed at addressing the vulnerabilities in its software and said that this attack was in not related to the SolarWinds attack, which hit US government agencies late last year.  “We continue to see no evidence that the actor behind SolarWinds discovered or exploited any vulnerability in Microsoft products and services,” it said.

Unlike Facebook and Twitter, Microsoft's business-oriented social media platform LinkedIn is still accessible in China, as well as its search engine Bing, although locally-grown Baidu dominates the Chinese search market. Microsoft also runs a centre for Artificial Intelligence (AI) research in China

The Chinese Foreign Ministry has responded with a warning to Microsoft to avoid "unfounded speculation and accusations" when tracing cyber-attacks to China-based government hackers. 

Microsoft:       Bloomberg:     Republic World:    BBC:       Kyiv Post:     Statesman:     Business Ghana:       

You Might Also Read: 

Cyber Attacks On US Government - New Evidence:

 

« Five Great Online Cyber Security Courses For Beginners
GCHQ Deploys AI To Stop Human Trafficking & Child Sex Abuse »

Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

AWS Marketplace eBook: Optimizing your cloud deployments to accelerate cloud activities, reduce costs, and improve customer experience.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Blue Solutions

Blue Solutions

Blue Solutions is a consultancy-led, accredited software distributor who provides IT solutions and support to small and medium enterprises.

Fenror7

Fenror7

Fenror7 lowers the TTD (Time To Detection) of hackers, malwares and APTs in enterprises and organizations from 300 days on average to 24 hrs or less.

Institute for Critical Infrastructure Technology (ICIT)

Institute for Critical Infrastructure Technology (ICIT)

ICIT is a leading cybersecurity think tank providing objective research, advisory, and education to legislative, commercial, and public-sector cybersecurity stakeholders.

VisionWare

VisionWare

VisionWare provide consulting services and solutions in areas covering both physical and digital security.

Seavus

Seavus

Seavus is a software development and consulting company with a proven track-record in providing successful enterprise-wide business solutions including Managed Security Services.

Spark Security

Spark Security

Spark Security is a cyber security consultancy providing affordable security testing services for small and medium-sized enterprises (SMEs).

ArmorText

ArmorText

ArmorText offers a seamless channel for communication and collaboration for organizations concerned with keeping communication data private and secure.

Fend

Fend

Fend secures smart infrastructure. We provide a robust, highly secure way to have situational awareness of IoT enabled assets.

Vivitec

Vivitec

Vivitec security services are tailored for your business, industry, risk, technology, and size to ensure great protection and planned response for the inevitable cyber-attacks on your business.

Broadcom

Broadcom

Broadcom is a global technology leader that designs, develops and supplies a broad range of semiconductor and infrastructure software solutions.

Gray Analytics

Gray Analytics

Gray Analytics is a Cybersecurity Risk Management company providing best-practice services across a broad spectrum of cyber scenarios for both government and commercial customers.