Microsoft says Chinese hackers are exploiting mail server vulnerabilities


Microsoft said on Tuesday that a Chinese state-sponsored threat actor, which it is calling ‘Hafnium’, has been exploiting previously unknown vulnerabilities in the company’s mail server software.

Hackers used flaws in the software to gain access to email accounts via on-premises Exchange servers. They also used the flaws to install additional malware to facilitate long-term access to victims’ environments, the Redmond-based company said in a blog post.

According to Microsoft, Hafnium operates mostly using leased virtual private servers in the U.S., and primarily targets entities in the country across several industry sectors, including infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks, and NGOs.

Cybersecurity company Volexity, along with another security firm, Dubex, notified Microsoft about certain aspects of the hack.

“These attacks appear to have started as early as January 6, 2021,” Volexity said in a blog post. “The attacker was using the vulnerability to steal the full contents of several user mailboxes.”

“This vulnerability is remotely exploitable and does not require authentication of any kind, nor does it require any special knowledge or access to a target environment. The attacker only needs to know the server running Exchange and the account from which they want to extract e-mail,” Volexity explained.

Microsoft Exchange Server is used mainly by enterprise customers, and the company said it has “no evidence that Hafnium’s activities targeted individual consumers or that these exploits impact other Microsoft products.”

Microsoft has released security updates for customers using its Exchange Server and urges them to apply these updates immediately. It said applying the patches is the best protection against this attack.

The software giant further added that these exploits were in no way connected to the SolarWinds-related attacks.
