
Microsoft reveals Chinese hack targeting Microsoft Exchange


Microsoft has disclosed evidence that "Hafnium," a new Chinese hacking group, has been targeting US servers running Microsoft's email system.

Following the 2020 US Treasury Department hack, which involved compromised Microsoft Office accounts, Microsoft has now disclosed a separate attack on its systems. Organized by a group Microsoft has codenamed "Hafnium," it's described as a "highly skilled and sophisticated" attack.

"Today, we're sharing information about a state-sponsored threat actor identified by the Microsoft Threat Intelligence Center (MSTIC) that we are calling Hafnium," said Microsoft in a blog announcement. "Hafnium operates from China, and this is the first time we're discussing its activity. It is a highly skilled and sophisticated actor."

Hafnium — unrelated to the material used in Intel processors — is based in China. However, "it conducts its operations primarily from leased virtual private servers (VPS) in the United States."

"Recently, Hafnium has engaged in a number of attacks using previously unknown exploits targeting on-premises Exchange Server software," continues Microsoft. "First, it would gain access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access."

"Second, it would create what's called a web shell to control the compromised server remotely," says the announcement. "Third, it would use that remote access - run from the U.S.-based private servers - to steal data from an organization's network."

Microsoft says that it has "worked quickly to deploy an update" to address the "Hafnium exploits." It also says that the attack technique targeted only business customers.

"We strongly encourage all Exchange Server customers to apply these updates immediately," it says. "Exchange Server is primarily used by business customers, and we have no evidence that Hafnium's activities targeted individual consumers or that these exploits impact other Microsoft products."

Microsoft also reports that it has briefed "appropriate US government agencies on this activity."

According to the company, this is the eighth time in a year that it has uncovered and disclosed "nation-state groups targeting institutions critical to civil society." While all of these were concerned with corporations instead of individuals, there have previously been vulnerabilities in Microsoft Office that affected Mac users.



6 Comments

Dogperson 5 Years · 137 comments

Meanwhile, we are fighting about the oil-stans. China is the real threat enemy state. Not sure why peaceful co-existence is not possible. 

But we MUST have cheap TVs!
edited for clarity?

2 Likes · 0 Dislikes
6502 11 Years · 382 comments

"They’re not bad folks, folks … They’re not competition for us." - J. Biden.

1 Like · 0 Dislikes
docbburk 8 Years · 109 comments

Enough is enough!  

1 Like · 0 Dislikes
tokyojimu 18 Years · 531 comments

The NSA is probably doing the same against China. But China doesn’t disclose when they’ve been hacked. 

1 Like · 0 Dislikes
hexclock 11 Years · 1323 comments

tokyojimu said:
The NSA is probably doing the same against China. But China doesn’t disclose when they’ve been hacked. 

They have no technology we need to steal. 

2 Likes · 0 Dislikes