Microsoft says China-backed hackers are exploiting Exchange zero-days – TechCrunch

Microsoft is warning customers that a new China state-sponsored threat actor is exploiting previously unknown security flaws in its Exchange Server enterprise email product.

The technology company said on Tuesday that it believes the hacking group, which it calls Hafnium, tries to steal information from a wide range of US-based organizations, including law firms and defense contractors, but also infectious disease researchers and policy think tanks.

Microsoft said that Hafnium used four newly discovered security vulnerabilities to break into Exchange email servers running on company networks, giving attackers the ability to steal data from the victim organization, such as email accounts and address books, and to plant malware. When used together, the four vulnerabilities create an attack chain that can compromise vulnerable servers running Exchange 2013 and later.

Hafnium operates out of China, but uses servers located in the US to launch its attacks, the company said. Microsoft stated that Hafnium was the only threat group it has detected using these four new vulnerabilities.

Microsoft declined to say how many successful attacks it had seen, but described the number as “limited”.

Patches are now out to fix those four security vulnerabilities, a week earlier than the company’s typical patching schedule, which is usually reserved for the second Tuesday of each month.

Microsoft’s vice president for customer security, Tom Burt, said: “Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems.”

The company said it has also briefed US government agencies on its findings, but that the Hafnium attacks are not related to the SolarWinds espionage operations against US federal agencies. In the last days of the Trump administration, the National Security Agency and the FBI stated that the SolarWinds campaign was “likely to be Russian” in origin.