Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Microsoft: Chinese Hackers Have Been Exploiting Our Email Product to Steal Data

Gizmodo: “In the latest in a string of security-related headaches for Microsoft, the company warned customers Tuesday that state sponsored hackers from China have been exploiting flaws in one of its widely used email products, Exchange, in order to target American companies for data theft. In several recently published blog posts, the company listed four newly discovered zero-day vulnerabilities associated with the attacks, as well as patches and a list of compromise indicators. Users of Exchange have been urged to update to avoid getting hacked. Microsoft researchers have dubbed the main hacker group behind the attacks “HAFNIUM,” describing it as a “highly skilled and sophisticated actor” focused on conducting espionage via data theft. In past campaigns, HAFNIUM has been known to target a wide variety of entities throughout the U.S., including “infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs,” they said. In the case of Exchange, these attacks have meant data exfiltration from email accounts. Exchange works with mail clients like Microsoft Office, synchronizing updates to devices and computers, and is widely used by companies, universities, and other large organizations. In the case of Exchange, these attacks have meant data exfiltration from email accounts…”

Sorry, comments are closed for this post.