Chinese hackers target Microsoft Exchange email servers to launch attacks
Microsoft urges all its customers to immediately apply fixes
Security researchers have identified a “highly skilled and sophisticated” Chinese state-sponsored threat actor that’s using exploits in Microsoft Exchange to make away with confidential company data.
The Microsoft Threat Intelligence Center (MSTIC) detected multiple zero-day exploits in its flagship on-premise email server, which it said were primarily being used by the threat actor, dubbed Hafnium. The vulnerabilities have now been patched, and the software company urges all its business customers to update their Exchange server installations.
“Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems. Promptly applying today’s patches is the best protection against this attack,” suggests Tom Burt, Microsoft’s Corporate Vice President of Customer Security & Trust.
Not a first
According to Microsoft, Hafnium primarily goes after targets in the United States. While it’s based in China, it uses leased Virtual Private Servers (VPS) in the US to run its malicious operations.
In a blog post, MSTIC notes that they’re aware of a limited number of targeted attacks that’ve used the now-patched Exchange vulnerabilities.
Analyzing the modus operandi of the attacks, MSTIC says that “the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments.”
Burt notes that this is the eighth attack by a state-sponsored group that the company has disclosed in the past twelve months. According to reports, the company has briefed and shared its findings about the attack with US Government agencies.
Via: TechCrunch
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.