Microsoft Warns Customers Against New China Cyberattack on Exchange Email

Microsoft warns its customers against a new nation-state China cyberattack that is targeting the tech giant’s “Exchange Server” software, IANS writes. Although there wasn’t any immediate indication that the breach resulted in significant exploitation of government computer networks, the announcement marks the second time in the last few months that the U.S. has struggled to address a broad cyber espionage campaign.

In the past year alone, Microsoft has publicly revealed nation-state groups targeting institutions critical to civil society no less than eight times.

Echoes of SolarWinds

This January, the multinational technology company admitted that the Russian hackers responsible for the massive SolarWinds attack attempted malicious activities in its environment. The White House stated that a total of nine federal companies and around 100 personal sector corporations were compromised as a consequence of the SolarWinds hack after 18,000 entities downloaded the malicious update.

However, according to Tom Burt, Corporate Vice President, Customer Security and Trust at Microsoft,

The exploits we’re discussing today were in no way connected to the separate SolarWinds-related attacks. We continue to see no evidence that the actor behind SolarWinds discovered or exploited any vulnerability in Microsoft products and services.

Email is the most common attack vector used as an entry point into an organization’s systems.

Heimdal® Email Security

Is the next-level email protection solution which secures all your incoming and outgoing comunications.

• Completely secure your infrastructure against email-delivered threats;
• Deep content scanning for malicious attachments and links;
• Block Phishing and man-in-the-email attacks;
• Complete email-based reporting for compliance & auditing requirements;

Try it for FREE today 30-day Free Trial. Offer valid only for companies.

Who is Hafnium?

The new threat actor identified by the Microsoft Threat Intelligence Center (MSTIC) is called “Hafnium” and operates from China. Hafnium is attacking infectious disease researchers, law firms, universities, defense contractors, policy think tanks, and NGOs in the US aiming to withdraw sensitive information. The hackers not only gained access to the victims’ emails but also to their entire networks using four distinct zero-day exploits.

Historically, Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs. While Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the United States.

While conducting their research, MSTIC discovered that Hafnium would first gain access to an Exchange Server either with stolen passwords or by using the previously unknown vulnerabilities to pass for someone who should have access.

In an extensive cyberattack on US federal companies and corporations, hackers also broke into the networks of NASA and the Federal Aviation Administration (FAA), motivating that the Biden administration was preparing sanctions against Russia because the previous Trump administration said the cybercriminals are “probably Russian in origin”.

Following the allegations that China hacked into Microsoft’s email and calendar server program, the U.S. has issued an emergency warning.