Microsoft Email Software Breached

Uploaded on 2021-03-09 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-China, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Microsoft  has accused a Chinese cyber-espionage group of responsibity for attacks on its corporate email server software. The hackers, named by Microsoft as Hafnium, a state-backed group who are "A highly skilled and sophisticated actor" has claimed at least 60,000 known victims. Many of them appear to be small or medium-sized businesses caught in a wide net. 

Microsoft said the hackers had made use of several vulnerabilities in different versions of Exchange software which allows the hackers to remotely access email inboxes.

Microsoft has released security upgrades to fix the vulnerabilities to its Exchange email server software, which is used for work email and calendar services, mostly for larger organisations that have their own in-person email servers. It doesn't affect personal email accounts or Microsoft's cloud-based services. Microsoft's Threat Intelligence Centre has attributed the attacks with "high confidence" to Hafnium, a group assessed to be state-sponsored and operating out of China. It based its conclusion on "observed victimology, tactics and procedures". 

Hafnium targets infectious disease researchers, law firms, higher education institutions and defence contractors.

Hafnium was able to trick Exchange servers into allowing it to gain access. The hackers then masqueraded as someone who should have access and created a way to control the server remotely so that they could steal data from an organisation's network. Threat analysts think that Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs.

Microsoft said Hafnium is based in China, but it conducts its operations often from leased virtual private servers in the US. There are suspicions that Hafnium has also been interacting with users of Microsoft's Office 365 software.

The company has released software updates aimed at addressing the vulnerabilities in its software and said that this attack was in not related to the SolarWinds attack, which hit US government agencies late last year.  “We continue to see no evidence that the actor behind SolarWinds discovered or exploited any vulnerability in Microsoft products and services,” it said.

Unlike Facebook and Twitter, Microsoft's business-oriented social media platform LinkedIn is still accessible in China, as well as its search engine Bing, although locally-grown Baidu dominates the Chinese search market. Microsoft also runs a centre for Artificial Intelligence (AI) research in China

The Chinese Foreign Ministry has responded with a warning to Microsoft to avoid "unfounded speculation and accusations" when tracing cyber-attacks to China-based government hackers. 

Microsoft:       Bloomberg:     Republic World:    BBC:       Kyiv Post:     Statesman:     Business Ghana:       

You Might Also Read: 

Cyber Attacks On US Government - New Evidence:

 

« Five Great Online Cyber Security Courses For Beginners
GCHQ Deploys AI To Stop Human Trafficking & Child Sex Abuse »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Advent IM

Advent IM

Advent IM is one of the UK’s leading independent cyber security specialists, with a unique approach to providing holistic security management solutions.

Satisnet

Satisnet

Satisnet is a leading Security Reseller, Managed Security Services Provider (MSSP) and Cyber Training Innovator, with operations throughout the UK, EMEA and United States.

AlgoSec

AlgoSec

The AlgoSec platform enables the world’s most complex organizations to gain visibility, reduce risk and process changes at zero-touch across the hybrid network.

Penta Security

Penta Security

Founded on its data encryption technology, Penta Security is a leading provider of web and data security products, solutions and services.

ThreatBook

ThreatBook

ThreatBook is dedicated to providing real-time, accurate and actionable threat intelligence to block, detect and prevent attacks.

Incognito Forensic Foundation Lab (IFF Lab)

Incognito Forensic Foundation Lab (IFF Lab)

IFF Lab is a premier cyber and digital forensics lab in India that offers forensic services and solutions, cyber security analysis and assessment, IT support, training and consultation.

Belle de Mai Incubator

Belle de Mai Incubator

Belle de Mai Incubator supports and funds innovative startup ideas in digital industries.

Tech Nation

Tech Nation

Tech Nation is the UK’s first national scaleup programme for the cyber security sector, aimed at ambitious tech companies ready for growth, at home and abroad.

Alpine Security

Alpine Security

Alpine Security provides penetration testing, security assessments and cybersecurity training services.

Future Technology Systems Company (FutureTEC)

Future Technology Systems Company (FutureTEC)

FutureTEC is a leading Information Technology Solutions Provider, delivering world-class Information Security, Information Management, and Business Solutions.

Romanian Tech Startup Association (ROTSA)

Romanian Tech Startup Association (ROTSA)

Romanian Tech Startups Association is an umbrella organization that aims to promote, support and represent the interests of tech startups in Romania.

NorthStar

NorthStar

NorthStar provide the visibility needed to track and reduce risk through risk-based vulnerability management and vulnerability exploit prediction.

GTT Communications

GTT Communications

GTT are a global network provider that serves thousands of multinational and national enterprise, government and carrier customers with a portfolio of advanced connectivity and security services.

Opkalla

Opkalla

We started Opkalla because we believe IT professionals deserve better. We help our clients navigate the confusion in the marketplace and choose the solution that is right for your business.

Hunt & Hackett

Hunt & Hackett

Hunt & Hackett helps European companies prevent, detect and respond to today’s most advanced adversaries, safeguarding them against cyberthreats and espionage.

Rocket Software

Rocket Software

Rocket Software helps customers in all industries solve their most complex IT challenges, across infrastructure, data, and applications — with solutions that simplify, not disrupt.