Microsoft claims Chinese hackers targeted users via mail server software
Microsoft claimed late on Tuesday that a China-linked cyber-espionage group had targeted users through flaws in the company’s mail server software.
In a blog post, Microsoft said the hacking campaign made use of four previously undetected vulnerabilities in different versions of the software.
According to the company, the hackers are a state-sponsored entity called Hafnium that operates out of China, but the Chinese government has rejected such claims.
“Historically, Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs,” wrote Microsoft.
Chinese foreign ministry spokesman Wang Wenbin said at a news briefing in Beijing on Wednesday: “China wishes relevant media and companies take a professional and responsible attitude, and base characterizations of cyber-attacks on ample evidence, rather than groundless guesses and accusations.”
Cyber-security company Volexity and Dell Technologies also reported dangerous activity on their own servers ahead of Microsoft’s blog post.
Mike McLellan, director of intelligence for Dell Technologies Inc’s Secureworks, said that for now, the hacking activity he had seen appeared focused on seeding malicious software and setting the stage for a potentially deeper intrusion rather than aggressively moving into networks right away.
“We haven’t seen any follow-on activity yet,” he said. “We’re going to find a lot of companies affected but a smaller number of companies actually exploited.”
Microsoft’s suite of products has been under scrutiny since the hack of SolarWinds, the Texas-based software firm.
Microsoft said in the blog post on Tuesday that the latest exploits were in no way connected to the separate SolarWinds-related attacks.
“We continue to see no evidence that the actor behind SolarWinds discovered or exploited any vulnerability in Microsoft products and services.”