Microsoft says Chinese hackers targeted groups via server software

Reuters | Updated: 03-03-2021 10:39 IST | Created: 03-03-2021 03:27 IST

A China-linked cyberespionage group has been remotely plundering email inboxes using freshly discovered flaws in Microsoft mail server software, the company and outside researchers said on Tuesday - an example of how commonly used programs can be exploited to cast a wide net online. In a blog post, Microsoft said the hacking campaign made use of four previously undetected vulnerabilities in different versions of the software and was the work of a group it dubs HAFNIUM, which it described as a state-sponsored entity operating out of China.

In a separate blog post, cybersecurity firm Volexity said that in January it had seen the hackers use one of the vulnerabilities to remotely steal "the full contents of several user mailboxes." All they needed to know were the details of the Exchange server and of the account whose emails they wanted to pillage, Volexity said. The Chinese Embassy in Washington did not immediately return messages seeking comment. Beijing routinely denies carrying out cyberespionage despite numerous allegations from the United States and others.

Ahead of the Microsoft announcement, the hackers' increasingly aggressive moves began to attract attention across the cybersecurity community. Mike McLellan, director of intelligence for Dell Technologies Inc's Secureworks, said he had noticed a sudden spike in activity touching Exchange servers overnight on Sunday, with around 10 customers affected at his firm.

Microsoft's near-ubiquitous suite of products has been under scrutiny since the hack of SolarWinds, the Texas-based software firm that served as a springboard for several intrusions across government and the private sector. In other cases, hackers took advantage of the way customers set up their Microsoft services to compromise their targets or dive further into affected networks. Hackers who went after SolarWinds also breached Microsoft itself, accessing and downloading source code - including elements of Exchange, the company's email and calendaring product.

McLellan said the hacking activity he had seen appeared focused on seeding malicious software and setting the stage for a potentially deeper intrusion rather than aggressively moving into networks right away. "We haven't seen any follow-on activity yet," he said. "We're going to find a lot of companies affected but a smaller number of companies actually exploited."

Microsoft said targets included infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and non-governmental groups.

(This story has not been edited by Devdiscourse staff and is auto-generated from a syndicated feed.)

