Microsoft warns of Chinese hackers cracking inboxes using flaws found in Microsoft mail server software


A Chinese-linked cyberespionage group has been remotely breaking into mailboxes using newly discovered bugs in Microsoft’s mail server software, the company and researchers said on Tuesday – an example of how commonly used programs can be used to cast a wide net online.

In a blog post, Microsoft stated that the hacking campaign exploited four previously unrecognized vulnerabilities in different versions of the software and that it was the work of an organization it calls HAFNIUM, which it described as a state-backed entity operating out of China.

In a separate blog post, cybersecurity company Volexity said it saw in January that hackers were using one of the vulnerabilities to steal “content full of multiple users’ mailboxes.” All they needed to know was the Exchange server and the account whose emails they wanted to take, Volexity said.

The Chinese embassy in Washington did not immediately return messages seeking comment. Beijing has consistently denied committing cyberespionage despite a barrage of accusations from the United States and others.

Ahead of the Microsoft news, the hackers’ aggressive moves began to attract attention across the cybersecurity community.

Mike McLellan, director of information for Dell Technologies Inc’s Secureworks, said ahead of the Microsoft news that he noticed a sudden spike in activity hitting Exchange servers over Sunday night, with about 10 customers affected at his company.

Microsoft’s near-ubiquitous suite of products has been under scrutiny since the hack of SolarWinds, the Texas-based software company that served as a springboard for several intrusions across government and the private sector. In other cases, hackers took advantage of the way customers had set up their Microsoft services to disrupt their targets or dive further into affected networks.

Hackers who went after SolarWinds also hacked Microsoft itself, gaining access to and downloading source code – including elements of Exchange, the company’s email and calendar product.

McLellan said that, for now, the hacking activity he saw was focused on planting malicious software and setting the stage for a potentially deeper intrusion rather than moving aggressively into networks right away.

“We haven’t seen ongoing activity yet,” he said. “We are going to find many companies that are affected but a smaller number of companies have taken advantage of them.”

Microsoft said targets included infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.

(Except for the headline, this story was not edited by NDTV staff and is published from a syndicated feed.)
