Microsoft Email Software Breached

Microsoft has accused a Chinese cyber-espionage group of responsibility for attacks on its corporate email server software. The hackers, named by Microsoft as Hafnium, are a state-backed group described as "a highly skilled and sophisticated actor" and have claimed at least 60,000 known victims. Many of them appear to be small or medium-sized businesses caught in a wide net.

Microsoft said the hackers had made use of several vulnerabilities in different versions of Exchange software, which allow the hackers to remotely access email inboxes.

Microsoft has released security upgrades to fix the vulnerabilities in its Exchange email server software, which is used for work email and calendar services, mostly by larger organisations that have their own on-premises email servers. It doesn't affect personal email accounts or Microsoft's cloud-based services. Microsoft's Threat Intelligence Centre has attributed the attacks with "high confidence" to Hafnium, a group assessed to be state-sponsored and operating out of China. It based its conclusion on "observed victimology, tactics and procedures".

Hafnium targets infectious disease researchers, law firms, higher education institutions and defence contractors.

Hafnium was able to trick Exchange servers into allowing it to gain access. The hackers then masqueraded as someone who should have access and created a way to control the server remotely so that they could steal data from an organisation's network. Threat analysts think that Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs.

Microsoft said Hafnium is based in China, but it often conducts its operations from leased virtual private servers in the US. There are suspicions that Hafnium has also been interacting with users of Microsoft's Office 365 software.

The company has released software updates aimed at addressing the vulnerabilities in its software and said that this attack was not related to the SolarWinds attack, which hit US government agencies late last year. “We continue to see no evidence that the actor behind SolarWinds discovered or exploited any vulnerability in Microsoft products and services,” it said.

Unlike Facebook and Twitter, Microsoft's business-oriented social media platform LinkedIn is still accessible in China, as is its search engine Bing, although locally grown Baidu dominates the Chinese search market. Microsoft also runs a centre for Artificial Intelligence (AI) research in China.

The Chinese Foreign Ministry has responded with a warning to Microsoft to avoid "unfounded speculation and accusations" when tracing cyber-attacks to China-based government hackers. 

Sources: Microsoft, Bloomberg, Republic World, BBC, Kyiv Post, Statesman, Business Ghana
