Tech giant Microsoft has warned customers that a new Chinese state-sponsored hacking group is exploiting previously undisclosed security flaws in Microsoft’s Exchange Server email product. The hackers accessed the email systems of a wide range of organizations, including defense contractors and infectious disease researchers.
TechCrunch reports that Microsoft has warned customers that it believes a Chinese state-backed hacking group, referred to as Hafnium, has used four previously undisclosed security flaws in Microsoft’s Exchange Server enterprise email product in an attempt to steal private information.
On Tuesday, Microsoft stated that the group exploited the software in an attempt to steal information from a number of U.S.-based organizations including law firms and defense contractors, but also appeared to target infectious disease researchers and policy think tanks.
According to Microsoft, Hafnium used four newly discovered security vulnerabilities to hack into Exchange email servers running on company networks, giving the hackers the ability to steal information from a victim’s organization.
The information at risk included email accounts and address books, and the access also gave the hackers the ability to plant malware within company systems. The four vulnerabilities combined create an attack chain that could compromise any firm using on-site servers running Exchange 2013 and later.
Hafnium is reportedly operating out of China but uses U.S.-based servers to launch attacks. Microsoft stated that Hafnium was the primary threat group it detected using the four new vulnerabilities. Patches to fix the vulnerabilities have been released since the hack was discovered.
Tom Burt, Microsoft’s vice president for customer security, stated: “Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems.”
Microsoft also stated that it has briefed U.S. government agencies on its findings but that the Hafnium attacks are not related to the recent SolarWinds hack, which targeted U.S. federal agencies.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.