Microsoft Email Software Breached

Microsoft has accused a Chinese cyber-espionage group of responsibility for attacks on its corporate email server software. The hackers, named by Microsoft as Hafnium, a state-backed group described as "a highly skilled and sophisticated actor", have claimed at least 60,000 known victims. Many of them appear to be small or medium-sized businesses caught in a wide net.

Microsoft said the hackers had made use of several vulnerabilities in different versions of Exchange software, which allowed them to remotely access email inboxes.

Microsoft has released security upgrades to fix the vulnerabilities in its Exchange email server software, which is used for work email and calendar services, mostly by larger organisations that run their own on-premises email servers. The vulnerabilities do not affect personal email accounts or Microsoft's cloud-based services. Microsoft's Threat Intelligence Centre has attributed the attacks with "high confidence" to Hafnium, a group assessed to be state-sponsored and operating out of China. It based its conclusion on "observed victimology, tactics and procedures".

Hafnium targets infectious disease researchers, law firms, higher education institutions and defence contractors.

Hafnium was able to trick Exchange servers into allowing it to gain access. The hackers then masqueraded as someone who should have access and created a way to control the server remotely so that they could steal data from an organisation's network. Threat analysts think that Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs.

Microsoft said Hafnium is based in China, but often conducts its operations from leased virtual private servers in the US. There are suspicions that Hafnium has also been interacting with users of Microsoft's Office 365 software.

The company has released software updates aimed at addressing the vulnerabilities in its software and said that this attack was not related to the SolarWinds attack, which hit US government agencies late last year. “We continue to see no evidence that the actor behind SolarWinds discovered or exploited any vulnerability in Microsoft products and services,” it said.

Unlike Facebook and Twitter, Microsoft's business-oriented social media platform LinkedIn is still accessible in China, as is its search engine Bing, although locally-grown Baidu dominates the Chinese search market. Microsoft also runs a centre for Artificial Intelligence (AI) research in China.

The Chinese Foreign Ministry has responded with a warning to Microsoft to avoid "unfounded speculation and accusations" when tracing cyber-attacks to China-based government hackers. 

Sources: Microsoft, Bloomberg, Republic World, BBC, Kyiv Post, Statesman, Business Ghana
