Microsoft Says Chinese Hackers Attacked Exchange Server Software To Access Email Accounts

Kimberly Redmond


Microsoft Corporation (Nasdaq: MSFT) said a group of China-based government hackers exploited a bug in the company’s popular email service that enabled the group to gain access to US computers in late January.

In a blog post Tuesday, the software giant said a “highly skilled and sophisticated” state-sponsored entity in China hacked its way into Microsoft Exchange servers in order to steal information from a number of organizations, including universities, law firms, infectious disease researchers, non-governmental organizations, policy think tanks and defense contractors.

According to Microsoft, hackers took advantage of four previously undetected software vulnerabilities to attack servers “which enabled access to email accounts and [enabled] installation of additional malware to facilitate long-term access to victim environments.”

The company declined to identify specific targets or say how many organizations were affected.

Security upgrades have since been released to fix the vulnerabilities in its Exchange server software, which is used for email and calendar services by mostly larger organizations that do not have their own email servers. The hack did not affect personal email accounts or Microsoft’s cloud-based services, the company said.

On Tuesday, the company said, “We are sharing this information with our customers and the security community to emphasize the critical nature of these vulnerabilities and the importance of patching all affected systems immediately.”


Virginia-based cybersecurity firm Volexity, which Microsoft credited with helping detect the breach, said its network security monitoring service began noticing suspiciously large data transfers in late January and observed hackers stealing “the full contents of several user mailboxes.” 

Steven Adair, Volexity’s president, told The Associated Press he is concerned the hackers will ramp up activity in coming days before organizations can install Microsoft’s newly released security patches.

The attacks, Microsoft believes, were carried out by HAFNIUM, “a group assessed to be state-sponsored and operating out of China” that “primarily targets entities in the United States across a number of industry sectors.” Microsoft said that although the group is believed to be based in China, it usually strikes using leased virtual private servers based in the US to try to avoid detection.

Tom Burt, Microsoft’s corporate vice president of customer security and trust, said the most recent breach is the eighth time over the past year that the company “has publicly disclosed nation-state groups targeting institutions critical to civil society.” 

“Other activity we disclosed has targeted healthcare organizations fighting COVID-19, political campaigns and others involved in the 2020 election and high-profile attendees of major policymaking conferences,” said Burt, who added that Microsoft has briefed US federal agencies on the latest hack.

When asked about Microsoft’s blog post during a news briefing Wednesday in Beijing, Chinese foreign ministry spokesman Wang Wenbin said the state opposes all forms of cyberattacks, CNBC reported.

Wang also said, “China wishes relevant media and companies take a professional and responsible attitude, and base characterizations of cyberattacks on ample evidence, rather than groundless guesses and accusations.”

_____

Source: Equities News
