Microsoft says Chinese hacking group targeting security flaws in business email app
Microsoft warned Tuesday that a hacking group supported by the Chinese government is exploiting security flaws in an email program popular among American businesses.
The company said in a blog post that the group, named Hafnium, is trying to take advantage of previously unknown security weaknesses in the email application Exchange Server. Microsoft called on customers to update Exchange Server to fix four susceptibilities in the program.
Microsoft said it determined Hafnium was behind the hack “based on observed victimology, tactics and procedures.”
“Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems,” Tom Burt, Microsoft’s corporate vice president of customer trust and security, wrote in a blog post.
Microsoft said Hafnium waged “limited and targeted attacks” by working through leased virtual private servers. The software was accessed through stolen passwords or other vulnerabilities, and malware was installed in an attempt to gain data.
The hack comes months after the breach of SolarWinds Corp. was revealed. That breach gave hackers access to data from various government agencies that used the company’s software in one of the broadest cyberattacks in modern history. That attack is believed to have been the work of hackers working on behalf of the Russian government.
Microsoft said it has briefed federal officials on the latest hack.