Microsoft Warns of Chinese Hackers Targeting Email Product
March 02 2021 - 6:28PM
Dow Jones News
By David Uberti
Microsoft Corp. said a Chinese hacking group thought to have
government backing is targeting previously unknown security flaws
in an email product used by businesses.
The company said Tuesday that the group, which it calls
"Hafnium," is targeting vulnerabilities in versions of Exchange
Server, an email and calendar application, that run on computer
systems in physical offices. Hafnium previously has tried to steal
information from infectious disease researchers, law firms, defense
contractors and others, Microsoft said.
Microsoft urged customers to update their Exchange Server to
patch four vulnerabilities and warned of spinoff attacks.
"Even though we've worked quickly to deploy an update for the
Hafnium exploits, we know that many nation-state actors and
criminal groups will move quickly to take advantage of any
unpatched systems," Tom Burt, Microsoft's corporate vice president
of customer trust and security, said in a blog post.
Researchers at Microsoft attributed the activity, which they are
discussing publicly for the first time, to a state-sponsored
Chinese group with a high degree of confidence based on its
tactics. The Chinese Embassy in Washington didn't immediately
respond to a request for comment.
Hafnium launched "limited and targeted attacks" through leased
virtual private servers in the U.S., according to Microsoft.
Hackers accessed victims' Exchange Server software through either
stolen passwords or vulnerabilities to install malware that would
help extract data, the company said.
Microsoft said it has no evidence that individual customers --
rather than businesses and other organizations -- were affected.
Exchange Online, a version of the email app that runs on the cloud,
remained unscathed, the company said.
The disclosure comes days after a Senate hearing in which
Microsoft President Brad Smith and other technology executives
called for greater cybersecurity coordination across the public and
private sectors in response to the hack last year of Texas-based
software provider SolarWinds Corp.
Microsoft, which said Tuesday it has briefed federal officials
on Hafnium, added that the activity isn't connected to the
SolarWinds breach. Federal officials have said that attack, which
affected at least nine U.S. agencies and 100 companies, including
Microsoft, likely originated in Russia. Moscow has denied
responsibility.
Write to David Uberti at david.uberti@wsj.com
(END) Dow Jones Newswires
March 02, 2021 18:13 ET (23:13 GMT)
Copyright (c) 2021 Dow Jones & Company, Inc.
Microsoft (NASDAQ:MSFT)
Historical Stock Chart
From Aug 2024 to Sep 2024
Microsoft (NASDAQ:MSFT)
Historical Stock Chart
From Sep 2023 to Sep 2024