Microsoft says Chinese hackers targeted groups via server software
March 03, 2021. By Raphael Satter and Christopher Bing
WASHINGTON (Reuters) - A China-linked
cyber-espionage group has been remotely plundering email inboxes using
freshly discovered flaws in Microsoft mail server software, the company
and outside researchers said on Tuesday - an example of how commonly
used programs can be exploited to cast a wide net online.
In a blog post, Microsoft said the hacking campaign made use of four
previously undetected vulnerabilities in different versions of the
software and was the work of a group it dubs HAFNIUM, which it described
as a state-sponsored entity operating out of China.
In a separate blog post, cyber-security firm Volexity said that in
January it had seen the hackers use one of the vulnerabilities to
remotely steal "the full contents of several user mailboxes." All they
needed to know were the details of the Exchange server and of the account
they wanted to pillage, Volexity said.
China opposes all forms of cyber-attacks, Chinese foreign ministry
spokesman Wang Wenbin said at a news briefing in Beijing on Wednesday.
"China wishes relevant media and companies take a professional and
responsible attitude, and base characterizations of cyber-attacks on
ample evidence, rather than groundless guesses and accusations," he
said.
Ahead of the Microsoft announcement, the hackers' increasingly
aggressive moves began to attract attention across the cybersecurity
community.
Mike McLellan, director of intelligence for Dell Technologies Inc's
Secureworks, said ahead of the Microsoft announcement that he had
noticed a sudden spike in activity touching Exchange servers overnight
on Sunday, with around 10 customers affected at his firm.
[Image caption: A computer keyboard lit by a displayed cyber code is seen in this illustration picture taken on March 1, 2017. REUTERS/Kacper Pempel/Illustration]
Microsoft's suite of products has been under scrutiny since the hack of
SolarWinds, the Texas-based software firm that served as a springboard for
several intrusions across government and the private sector. In other cases,
hackers took advantage of the way customers had set up their Microsoft services
to compromise their targets or dive further into affected networks.
Hackers who went after SolarWinds also breached Microsoft itself, accessing and
downloading source code - including elements of Exchange, the company's email
and calendaring product.
McLellan said that for now, the hacking activity he had seen appeared focused on
seeding malicious software and setting the stage for a potentially deeper
intrusion rather than aggressively moving into networks right away.
"We haven't seen any follow-on activity yet," he said. "We're going to find a
lot of companies affected but a smaller number of companies actually exploited."
Microsoft said targets included infectious disease researchers, law firms,
higher education institutions, defense contractors, policy think tanks, and
non-governmental groups.
(Reporting by Raphael Satter and Christopher Bing; Editing by Dan Grebler and Raju Gopalakrishnan)
© 2021 Thomson Reuters. All rights reserved.