(Reuters) – A Chinese-linked cyber-espionage group has been remotely plundering e-mail inboxes using freshly discovered flaws in Microsoft's e-mail server software, the company and outside researchers said on Tuesday – an example of how commonly used programs can be exploited to cast a wide net online.
In a blog post, Microsoft said the hacking campaign made use of four previously undetected vulnerabilities in different versions of the software and attributed it to a group it calls HAFNIUM, which it described as a state-sponsored actor.
In a separate blog post, cybersecurity company Volexity said it had seen hackers use one of the vulnerabilities in January to remotely "steal the entire contents of multiple user mailboxes." All they needed to know was the address of the Exchange server and the account they wanted to plunder, Volexity said.
China opposes all forms of cyberattacks, Chinese Foreign Ministry spokesman Wang Wenbin said at a news briefing in Beijing on Wednesday.
Even before Microsoft's disclosure, the hackers' increasingly aggressive activity had begun to draw attention across the cybersecurity community.
Mike McLellan, director of intelligence at Dell Technologies Inc.'s Secureworks, said ahead of Microsoft's announcement that he had noticed a sudden spike in activity involving Exchange servers overnight on Sunday, with about 10 of his company's customers affected.
Microsoft's product suite has been under scrutiny since the compromise of SolarWinds, the Texas-based software company that served as a springboard for several government and private-sector intrusions. In other cases, hackers took advantage of the way customers had set up their Microsoft services to compromise their targets or to move deeper into affected networks.
Hackers who went after SolarWinds also breached Microsoft itself, accessing and downloading source code – including parts of Exchange, the company's email and calendar product.
McLellan said the hacking activity he was currently seeing appeared to be focused on seeding malware and laying the groundwork for a potentially deeper intrusion, rather than aggressively moving into networks right away. "We have not seen any follow-up activity yet," he said. "We will find many affected companies but a smaller number of companies that are actually being exploited."
Microsoft said the targets included infectious disease researchers, law firms, higher education institutions, defense contractors, political think tanks, and non-governmental groups.