Microsoft says China-backed hackers are exploiting Exchange zero-days
#1
Quote: Microsoft is warning customers that a new China state-sponsored threat actor is exploiting four previously undisclosed security flaws in Exchange Server, an enterprise email product built by the software giant.
 
The technology company said Tuesday that it believes the hacking group, which it calls Hafnium, tries to steal information from a broad range of U.S.-based organizations, including law firms and defense contractors, but also infectious disease researchers and policy think tanks.
 
Microsoft said Hafnium used the four newly discovered security vulnerabilities to break into Exchange email servers running on company networks, granting the attackers the ability to steal data from a victim’s organization — such as email accounts and address books — and the ability to plant malware. When used together, the four vulnerabilities create an attack chain that can compromise vulnerable on-premise servers running Exchange 2013 and later.
 
Hafnium operates out of China, but uses servers located in the U.S. to launch its attacks, the company said. Microsoft said that Hafnium was the primary threat group it detected using these four new vulnerabilities. (An earlier version of Microsoft’s blog post incorrectly said Hafnium was the “only” group to exploit the vulnerabilities.)
 
Microsoft declined to say how many successful attacks it had seen, but described the number as “limited.”
 
Patches to fix those four security vulnerabilities are now out, a week earlier than the company’s typical patching schedule, usually reserved for the second Tuesday in each month.
“Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems,” said Tom Burt, Microsoft’s vice president for customer security.
 
The company said it has also briefed U.S. government agencies on its findings, but that the Hafnium attacks are not related to the SolarWinds-related espionage campaign against U.S. federal agencies. In the last days of the Trump administration, the National Security Agency and the FBI said that the SolarWinds campaign was “likely Russian in origin.”

Source