In a statement, Microsoft security researchers and outside cyber security experts said a cyber-espionage group from China has been remotely plundering email inboxes using 0-day exploits against Microsoft's mail server software.
In a blog post, Microsoft said the cyber-espionage group, dubbed HAFNIUM and described as a state-sponsored entity operating out of China, had exploited 0-day vulnerabilities, meaning previously undetected flaws, in its server software.
In a separate blog post, cybersecurity firm Volexity said it had detected hackers from this group using one of the vulnerabilities to remotely steal “the full contents of several user mailboxes.”
All they needed were the details of the Exchange server and the name of the account they wanted to pillage, Volexity said.
The Chinese Embassy in Washington did not immediately respond to requests for comment.
China routinely denies carrying out cyber-espionage, although earlier this week it issued a veiled warning to India after carrying out a cyber attack on Mumbai’s electric grid. There has been a drumbeat of allegations from the United States and other countries.
Mike McLellan, director of intelligence at Dell Technologies Inc’s Secureworks, said he had noticed a sudden spike in activity touching Exchange servers overnight on Sunday, with around 10 of his firm's customers affected.
Since the SolarWinds hacking campaign, Microsoft’s near-ubiquitous suite of products has been under scrutiny.
In several other cases, hackers exploited weaknesses in the way customers had set up their Microsoft services to either compromise targets or dig further into affected networks.
The hackers who went after SolarWinds also breached servers at Microsoft. They accessed and downloaded source code for several Microsoft products, including Exchange, its email and calendaring software.
For now, HAFNIUM’s activity appears to be focused on implanting malicious software that sets the stage for a deeper intrusion, McLellan said.
He went on to add, “We haven’t seen any follow-on activity yet. We’re going to find a lot of companies affected but a smaller number of companies actually exploited.”
According to Microsoft, the targets of the cyber-attack included infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and non-governmental groups.