A Chinese hacking group believed to be supported by the government is targeting previously unknown vulnerabilities in an email product used by businesses.
The company announced on Tuesday that the group it calls « Hafnium » is targeting vulnerabilities in versions of Exchange Server, an email and calendaring application that runs on computer systems in physical offices. Hafnium has previously attempted to steal information from infectious disease researchers, law firms, defense companies and others, Microsoft said.
Microsoft urged customers to update their Exchange Server installations to fix four security holes and warned of follow-on attacks.
« Although we worked quickly to provide an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will act quickly to take advantage of any unpatched systems, » Tom Burt, Microsoft’s corporate vice president of customer security and trust, said in a blog post.
Microsoft researchers attributed the activity, which they are discussing publicly for the first time, to a government-sponsored Chinese group with a high level of confidence, based on the group’s tactics. The Chinese embassy in Washington did not immediately respond to a request for comment.
According to Microsoft, Hafnium launched « limited and targeted attacks » via leased virtual private servers in the US. The hackers gained access to victims’ Exchange Server software through stolen passwords or the vulnerabilities and then installed malware that can be used to extract data.
Microsoft said it had no evidence that individual consumers, as opposed to businesses and other organizations, were affected. Exchange Online, the version of the email application that runs in the cloud, was not affected.
The disclosure comes days after a Senate hearing in which Microsoft’s president and other technology executives called for greater cybersecurity coordination between the public and private sectors in response to last year’s hack of the Texas-based software company.
Microsoft, which announced Tuesday that it had notified federal officials of the Hafnium activity, added that the activity was unrelated to the SolarWinds breach. Federal officials said that attack, which affected at least nine US government agencies and 100 companies, including Microsoft, likely originated in Russia. Moscow has denied responsibility.