Microsoft (Microsoft Corp., MSFT) said a Chinese hacking group thought to have a government background has targeted previously unknown security vulnerabilities in a commercial e-mail product. Microsoft urged customers to update their Exchange Server to patch four vulnerabilities and warned of possible derivative attacks. Microsoft said targets of the attack included infectious disease researchers, law firms, higher Education institutions, defense contractors, policy think tanks and nongovernmental organizations.
Microsoft warned that Chinese Hackers have targeted an e-mail product, the Wall Street Journal reported today. Microsoft said Tuesday that the hacking group, known as “Hafnium,” is targeting vulnerabilities in multiple versions of the e-mail and calendar application Exchange Server, which runs on computer systems in brick-and-mortar offices. Microsoft said Hafnium had previously tried to steal information from infectious disease researchers, law firms, defense contractors and a number of other computers.
Microsoft urged customers to update their Exchange Server to patch the four vulnerabilities and warned of possible derivative attacks.
China-linked cyber espionage groups exploited newly discovered vulnerabilities in Microsoft’s mail server software to remotely compromise e-mail inboxes, according to Microsoft and outside researchers on Tuesday. The attack, launched by hacking group HAFNIUM, exploited four previously undiscovered vulnerabilities in different versions of the software, Microsoft said in a blog post. Microsoft describes HAFNIUM as a government-backed entity operating outside of China.
In a separate blog post, cybersecurity firm Volexity said it discovered in January that hackers had exploited one of the vulnerabilities to remotely steal “the entire contents of several users’ mailboxes. email accounts they wanted to steal.
The Chinese Embassy in the United States did not immediately return a reporter’s message seeking comment, Reuters reported today. China has denied engaging in cyber espionage, despite a string of accusations from the United States and other countries.
Recent Comments