Microsoft has warned its customers about Chinese agents attacking Exchange servers. The attackers have apparently exploited four previously unknown vulnerabilities in the service, which provides e-commerce services.
The software giant said yesterday that it believes a group of hackers called “Hafnium” is trying to steal information from a wide range of American organizations, including law firms and contractors in the Department of Defense. Microsoft says infectious disease research companies and think tanks have also been targeted by the hackers.
The company claims that Hafnium has used four new vulnerabilities to infiltrate Exchange e-mail servers in order to obtain information from target companies and even install malware on the servers. The information targeted by the hackers included email accounts and address books of individuals.
Together, these four vulnerabilities form an attack chain that could compromise all servers running the 2013 version of Exchange or later.
Microsoft says the Hafnium group operates from inside China, but uses servers inside the United States to carry out its attacks. The company claims that Hafnium is the main threat group exploiting these four new vulnerabilities to attack companies. Microsoft initially said on its blog that Hafnium was the only attacking group, but later changed that wording.
The company has not yet announced how many of these attacks have been successful, but says the number is limited. The patches needed to fix the four vulnerabilities were released earlier than usual; Microsoft usually releases its patches on the second Tuesday of each month.
“Although we have released an update to counter Hafnium Group attacks, we know that government-affiliated actors and criminal groups will be quick to infiltrate the patched systems,” said Tom Burt, Microsoft’s vice president of customer security.
Microsoft says it has briefed US government agencies on the findings, but that the Hafnium group’s attacks have nothing to do with the major SolarWinds attack on US companies. In the last days of the Trump administration, the FBI and the US National Security Agency announced that the SolarWinds attack may have been of Russian origin.