ALL NEWS

Microsoft says a group of cyberattackers tied to China hit its Exchange email servers

Mar 3, 2021, 6:14 AM | Updated: 6:15 am
NEW YORK, NY - MAY 2: The Microsoft logo is illuminated on a wall during a Microsoft launch event t...
NEW YORK, NY - MAY 2: The Microsoft logo is illuminated on a wall during a Microsoft launch event to introduce the new Microsoft Surface laptop and Windows 10 S operating system, May 2, 2017 in New York City. The Windows 10 S operating system is geared toward the education market and is Microsoft's answer to Google's Chrome OS. (Photo by Drew Angerer/Getty Images)
(Photo by Drew Angerer/Getty Images)

    (CNN) — Microsoft says that a sophisticated group of hackers linked to China has exploited its popular email service that allowed them to gain access to computers.

In a blog post Tuesday, the company said that four vulnerabilities in its software allowed hackers to access servers for Microsoft Exchange, “which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments.” The firm added that the online platform for Exchange, the cloud-based version of the service, was not affected.

Microsoft is now urging users to download software patches, or fixes, for the four different vulnerabilities that were found.

The company said that it believes the attacks were carried out by Hafnium, “a group assessed to be state-sponsored and operating out of China.” It did not offer evidence supporting the assessment, but said the “state-sponsored” actor was identified by the Microsoft Threat Intelligence Center based on observed “tactics and procedures.”

“We are sharing this information with our customers and the security community to emphasize the critical nature of these vulnerabilities and the importance of patching all affected systems immediately,” it said.

“This blog also continues our mission to shine a light on malicious actors and elevate awareness of the sophisticated tactics and techniques used to target our customers.”

Hafnium is a network of hackers that “primarily targets entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and [non-government organizations],” according to Microsoft.

Though the group is believed to be based in China, it usually strikes using virtual private servers based in the United States, the company said.

Asked about the Microsoft blog post, a spokesperson for China’s Ministry of Foreign Affairs said that the country “firmly opposes and fights all forms of cyber-attacks and thefts in accordance with the law.”

“Connecting cyberattacks directly to the government is a highly sensitive political issue,” Wang Wenbin told reporters at a regular press briefing. “China hopes that relevant media and companies will adopt a professional and responsible attitude. When characterizing cyber incidents, it should be based on sufficient evidence, rather than unprovoked guesses.”

“Exchange Server is primarily used by business customers, and we have no evidence that Hafnium’s activities targeted individual consumers or that these exploits impact other Microsoft products,” Tom Burt, Microsoft’s corporate vice president, customer security and trust, added in a separate blog post.

This isn’t Microsoft’s first tangle with Hafnium. The tech giant has previously — on separate, unrelated occasions — observed the group “interacting with victim” users of Office 365, it said.

But “this is the first time we’re discussing its activity,” wrote Burt.

“While they are often unsuccessful in compromising customer accounts, this reconnaissance activity helps the adversary identify more details about their targets’ environments,” the company said.

— CNN’s Beijing bureau contributed to this report.

The-CNN-Wire
™ & © 2021 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.

Today’s Top Stories

All News

emergency snow...
Elizabeth Weiler

Emergency snow preparation will prove vital this winter

SALT LAKE CITY — As the inches of snow accumulate, emergencies may become a reality for Utahns. A combination of tools and resources could be a lifesaver. Wade Mathews, with the Utah Division of Emergency Management, said that a preparedness mindset is the best prevention for danger. Starting your excursion with a charged cell phone […]
10 hours ago
dangerous avalanche...
Kira Hoffelmeyer and Elizabeth Weiler

Snow storm brings highly dangerous avalanche conditions

SALT LAKE CITY — The Utah Avalanche Center is warning of highly dangerous avalanche conditions this morning.  Specifically, Salt Lake County mountains have a high danger rating.  Dangerous avalanche conditions may result in traffic issues and adjustments to morning commutes are temperatures drop below freezing.  In the 2021-2022 avalanche season, Utah reported no fatalities in […]
10 hours ago
Flowers and stuffed animals are lined up outside a sign along Pullman Road in Moscow, Idaho, to pay...
Elizabeth Wolfe and Eric Levenson

University of Idaho students return from break, no arrests in homicides

After more than two weeks since four students were fatally stabbed, students at the University of Idaho returned to class on Monday.
10 hours ago
lake effect snow really did a number on the wasatch front this morning...
KSL NewsRadio

Schools, commute delayed because of early morning lake effect snow

A dumping of lake effect snow delayed commuters and school openings.
10 hours ago
Former Vice President Mike Pence is seen here with audience members after appearing at at CNN town ...
Veronica Stracqualursi, CNN

Pence says Trump was ‘wrong’ for dinner with Holocaust denier

Former Vice President Mike Pence says former President Donald Trump was wrong for having dinner with a Holocaust denier and should apologize for it.
10 hours ago
A plow truck driver plows after a snowstorm in Salt Lake City on Wednesday, Feb. 17, 2021....
Kate Davis, Amie Schaeffer

Tracking snowplows in SLC

Salt Lake City has a fleet of 45 snowplows available for dispatch during winter storms that can be tracked in real-time by residents.
10 hours ago

Sponsored Articles

Happy joyful smiling casual satisfied woman learning and communicates in sign language online using...
Sorenson

The best tools for Deaf and hard-of-hearing workplace success

Here are some of the best resources to make your workplace work better for Deaf and hard-of-hearing employees.
Team supporters celebrating at a tailgate party...
Macey's

8 Delicious Tailgate Foods That Require Zero Prep Work

In a hurry? These 8 tailgate foods take zero prep work, so you can fuel up and get back to what matters most: getting hyped for your favorite
christmas decorations candles in glass jars with fir on a old wooden table...
Western Nut Company

12 Mason Jar Gift Ideas for the 12 Days of Christmas [with recipes!]

There are so many clever mason jar gift ideas to give something thoughtful to your neighbors or friends. Read our 12 ideas to make your own!
wide shot of Bear Lake with a person on a stand up paddle board...

Pack your bags! Extended stays at Bear Lake await you

Work from here! Read our tips to prepare for your extended stay, whether at Bear Lake or somewhere else nearby.
young boy with hearing aid...
Sorenson

Accommodations for students who are deaf and hard of hearing

These different types of accommodations for students who are deaf and hard of hearing can help them succeed in school.
Young woman receiving laser treatment...
Form Derm Spa

How facial plastic surgery and skincare are joining forces

Facial plastic surgery is not only about looking good but about feeling good too. The medical team at Form Spa are trained to help you reach your aesthetic outcomes through surgery and through skincare and dermatology, too.
Microsoft says a group of cyberattackers tied to China hit its Exchange email servers