A group of hackers based in China has taken advantage of flaws in Microsoft’s email server software to attack American organizations.
Microsoft said a “highly skilled and sophisticated” group of hackers, sponsored by a government and operating out of China, is trying to steal information from various US targets, including universities, defense contractors, law firms and infectious disease researchers.
The company noted that it has released security updates to fix vulnerabilities in its Exchange Server software, which is used for email and business calendar services, especially by large organizations that run their own email servers. The flaws do not affect personal email accounts or Microsoft's cloud-based services.
Microsoft noted that the hacking group, which it identified as Hafnium, was able to get Exchange Server to grant it access. The hackers then posed as someone who should have access and created a way to remotely control the server so that they could steal information from the organization’s network.
Microsoft said the group is based in China but operates in the United States from rented virtual private servers, which helps it avoid detection.
Microsoft, based in Redmond, Washington, declined to identify a specific target or say how many organizations were affected.
Volexity, a Reston, Virginia-based cybersecurity company credited with detecting the intrusion, reported that its network security monitoring service began detecting suspicious data transfers in late January.
“They were just downloading emails, they attacked everything,” said Volexity president Steven Adair.
Adair said he was concerned that the hackers would speed up their activity in the coming days, before organizations install Microsoft’s security updates.
“As bad as it is right now, I think it’s going to be bad,” he said. “This gives them an opportunity to go in limited quantities and take advantage of something. The patch is not going to fix that if they went through the back door.”