Connect with us

Hi, what are you looking for?

World

State-sponsored hackers in China targeting email services: Microsoft

-

Microsoft has said a state-sponsored hacking group operating out of China is exploiting previously unknown security flaws in its Exchange email services to steal data from business users.

The company said the hacking group, which it has named "Hafnium", is a "highly skilled and sophisticated actor".

Hafnium has in the past targeted US-based companies including infectious disease researchers, law firms, universities, defense contractors, think tanks and NGOs.

In a blog post on Tuesday, Microsoft executive Tom Burt said the company had released updates to fix the security flaws, which apply to on-premises versions of the software rather than cloud-based versions, and urged customers to apply them.

"We know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems," he added.

"Promptly applying today's patches is the best protection against this attack."

Microsoft said the group was based in China but operated through leased virtual private servers in the United States, and that it had briefed the US government.

Beijing has previously hit back at US accusations of state-sponsored cybertheft. Last year it accused Washington of smears following allegations that Chinese hackers were attempting to steal coronavirus research.

In January, US intelligence and law enforcement agencies said Russia was probably behind a massive SolarWinds hack that shook the government and corporate security, contradicting then-president Donald Trump who had suggested China could be to blame.

Microsoft said Tuesday the Hafnium attacks "were in no way connected to the separate SolarWinds-related attacks."

Microsoft has said a state-sponsored hacking group operating out of China is exploiting previously unknown security flaws in its Exchange email services to steal data from business users.

The company said the hacking group, which it has named “Hafnium”, is a “highly skilled and sophisticated actor”.

Hafnium has in the past targeted US-based companies including infectious disease researchers, law firms, universities, defense contractors, think tanks and NGOs.

In a blog post on Tuesday, Microsoft executive Tom Burt said the company had released updates to fix the security flaws, which apply to on-premises versions of the software rather than cloud-based versions, and urged customers to apply them.

“We know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems,” he added.

“Promptly applying today’s patches is the best protection against this attack.”

Microsoft said the group was based in China but operated through leased virtual private servers in the United States, and that it had briefed the US government.

Beijing has previously hit back at US accusations of state-sponsored cybertheft. Last year it accused Washington of smears following allegations that Chinese hackers were attempting to steal coronavirus research.

In January, US intelligence and law enforcement agencies said Russia was probably behind a massive SolarWinds hack that shook the government and corporate security, contradicting then-president Donald Trump who had suggested China could be to blame.

Microsoft said Tuesday the Hafnium attacks “were in no way connected to the separate SolarWinds-related attacks.”

AFP
Written By

With 2,400 staff representing 100 different nationalities, AFP covers the world as a leading global news agency. AFP provides fast, comprehensive and verified coverage of the issues affecting our daily lives.

You may also like:

Social Media

Wanna buy some ignorance? You’re in luck.

Tech & Science

Under new legislation that passed the House of Representatives last week, TikTok could be banned in the United States.

Life

Platforms like Instagram and Pinterest often suggest travel destinations based on your likes and viewing habits.

Social Media

From vampires and wendigos to killer asteroids, TikTok users are pumping out outlandish end-of-the-world conspiracy theories.