Microsoft Corp. said a Chinese hacking group thought to have government backing is targeting previously unknown security flaws in an email product used by businesses.
The company said Tuesday that the group, which it calls “Hafnium,” is targeting vulnerabilities in versions of Exchange Server, an email and calendar application, that run on computer systems in physical offices. Hafnium previously has tried to steal information from infectious disease researchers, law firms, defense contractors and others, Microsoft said.
Microsoft urged customers to update their Exchange Server to patch four vulnerabilities and warned of spinoff attacks.
“Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems,” Tom Burt, Microsoft’s corporate vice president of customer trust and security, said in a blog post.
Researchers at Microsoft attributed the activity, which they are discussing publicly for the first time, to a state-sponsored Chinese group with a high degree of confidence based on its tactics. The Chinese Embassy in Washington didn’t immediately respond to a request for comment.
Hafnium launched “limited and targeted attacks” through leased virtual private servers in the U.S., according to Microsoft. Hackers accessed victims’ Exchange Server software through either stolen passwords or vulnerabilities to install malware that would help extract data, the company said.
Microsoft said it has no evidence that individual customers—rather than businesses and other organizations—were affected. Exchange Online, a version of the email app that runs on the cloud, remained unscathed, the company said.
The disclosure comes days after a Senate hearing in which Microsoft President Brad Smith and other technology executives called for greater cybersecurity coordination across the public and private sectors in response to the hack last year of Texas-based software provider SolarWinds Corp.
Microsoft, which said Tuesday it has briefed federal officials on Hafnium, added that the activity isn’t connected to the SolarWinds breach. Federal officials have said that attack, which affected at least nine U.S. agencies and 100 companies, including Microsoft, likely originated in Russia. Moscow has denied responsibility.
Write to David Uberti at [email protected]
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8