Microsoft Email Software Breached

Uploaded on 2021-03-09 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-China, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Microsoft  has accused a Chinese cyber-espionage group of responsibity for attacks on its corporate email server software. The hackers, named by Microsoft as Hafnium, a state-backed group who are "A highly skilled and sophisticated actor" has claimed at least 60,000 known victims. Many of them appear to be small or medium-sized businesses caught in a wide net. 

Microsoft said the hackers had made use of several vulnerabilities in different versions of Exchange software which allows the hackers to remotely access email inboxes.

Microsoft has released security upgrades to fix the vulnerabilities to its Exchange email server software, which is used for work email and calendar services, mostly for larger organisations that have their own in-person email servers. It doesn't affect personal email accounts or Microsoft's cloud-based services. Microsoft's Threat Intelligence Centre has attributed the attacks with "high confidence" to Hafnium, a group assessed to be state-sponsored and operating out of China. It based its conclusion on "observed victimology, tactics and procedures". 

Hafnium targets infectious disease researchers, law firms, higher education institutions and defence contractors.

Hafnium was able to trick Exchange servers into allowing it to gain access. The hackers then masqueraded as someone who should have access and created a way to control the server remotely so that they could steal data from an organisation's network. Threat analysts think that Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs.

Microsoft said Hafnium is based in China, but it conducts its operations often from leased virtual private servers in the US. There are suspicions that Hafnium has also been interacting with users of Microsoft's Office 365 software.

The company has released software updates aimed at addressing the vulnerabilities in its software and said that this attack was in not related to the SolarWinds attack, which hit US government agencies late last year.  “We continue to see no evidence that the actor behind SolarWinds discovered or exploited any vulnerability in Microsoft products and services,” it said.

Unlike Facebook and Twitter, Microsoft's business-oriented social media platform LinkedIn is still accessible in China, as well as its search engine Bing, although locally-grown Baidu dominates the Chinese search market. Microsoft also runs a centre for Artificial Intelligence (AI) research in China

The Chinese Foreign Ministry has responded with a warning to Microsoft to avoid "unfounded speculation and accusations" when tracing cyber-attacks to China-based government hackers. 

Microsoft:       Bloomberg:     Republic World:    BBC:       Kyiv Post:     Statesman:     Business Ghana:       

You Might Also Read: 

Cyber Attacks On US Government - New Evidence:

 

« Five Great Online Cyber Security Courses For Beginners
GCHQ Deploys AI To Stop Human Trafficking & Child Sex Abuse »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CROW - University of Waikato

CROW - University of Waikato

CROW is the first cyber security lab established in a New Zealand educational institution at the University of Waikato.

GovCERT.HK

GovCERT.HK

GovCERT.HK is the Government Computer Emergency Response Team for Hong Kong.

Guardian360

Guardian360

The Guardian360 platform offers unrivalled insight into the security of your applications and IT infrastructure.

Cyber Security Audit Corp (C3SA)

Cyber Security Audit Corp (C3SA)

C3SA specializes in architecting, operating, managing and improving defensible and resilient IT infrastructures for Canada's public and private sectors.

Exeon Analytics

Exeon Analytics

Exeon Analytics is a Swiss cyber security company that is specialized in detecting hidden data breaches and advanced cyber attacks.

Right-Hand Cybersecurity

Right-Hand Cybersecurity

Right-Hand Cybersecurity empowers businesses to monitor, measure and mitigate employee induced cyber risks in real-time.

StoneLock

StoneLock

StoneLock is a trusted leader in the design and manufacture of facial recognition software and technology.

QuoLab

QuoLab

QuoLab empowers security professionals to analyze, investigate and respond to threats within an integrated ecosystem.

Code Intelligence

Code Intelligence

Code Intelligence offers a platform for automated software security testing to help developers make their software more robust and secure.

CyberLab

CyberLab

CyberLab (formerly Chess) is a specialist cyber security company that provides a wide range of security solutions and services.

Node4

Node4

Node4 provide advanced, cloud-led digital transformation solutions, delivered with technical expertise, innovation and exceptional service to drive your business forwards.

Guidepost Solutions

Guidepost Solutions

Guidepost Solutions are a diverse, global team of investigators, experienced security and technology consultants, and compliance and monitoring experts.

Silent Quadrant

Silent Quadrant

Silent Quadrant delivers incomparable cybersecurity consulting, digital transformation, and risk management within our purpose-driven clients - empowering them to be the most resilient entities.

Topsec Cloud Solutions

Topsec Cloud Solutions

The Topsec Managed Email Security Platform eliminates Spam, Viruses, Malware, and Phishing.

Plex IT

Plex IT

Plex IT provides managed IT services to organisations along with managed security services.

The Purple Guys

The Purple Guys

The Purple Guys offer Trouble-Free IT Support to businesses across the Central and Southern US. Safe and Secure, Rapid Response, Friendly Support that’s our Purple Promise.