ALL NEWS

Microsoft says a group of cyberattackers tied to China hit its Exchange email servers

Mar 3, 2021, 6:14 AM | Updated: 6:15 am
NEW YORK, NY - MAY 2: The Microsoft logo is illuminated on a wall during a Microsoft launch event t...
NEW YORK, NY - MAY 2: The Microsoft logo is illuminated on a wall during a Microsoft launch event to introduce the new Microsoft Surface laptop and Windows 10 S operating system, May 2, 2017 in New York City. The Windows 10 S operating system is geared toward the education market and is Microsoft's answer to Google's Chrome OS. (Photo by Drew Angerer/Getty Images)
(Photo by Drew Angerer/Getty Images)

    (CNN) — Microsoft says that a sophisticated group of hackers linked to China has exploited its popular email service that allowed them to gain access to computers.

In a blog post Tuesday, the company said that four vulnerabilities in its software allowed hackers to access servers for Microsoft Exchange, “which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments.” The firm added that the online platform for Exchange, the cloud-based version of the service, was not affected.

Microsoft is now urging users to download software patches, or fixes, for the four different vulnerabilities that were found.

The company said that it believes the attacks were carried out by Hafnium, “a group assessed to be state-sponsored and operating out of China.” It did not offer evidence supporting the assessment, but said the “state-sponsored” actor was identified by the Microsoft Threat Intelligence Center based on observed “tactics and procedures.”

“We are sharing this information with our customers and the security community to emphasize the critical nature of these vulnerabilities and the importance of patching all affected systems immediately,” it said.

“This blog also continues our mission to shine a light on malicious actors and elevate awareness of the sophisticated tactics and techniques used to target our customers.”

Hafnium is a network of hackers that “primarily targets entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and [non-government organizations],” according to Microsoft.

Though the group is believed to be based in China, it usually strikes using virtual private servers based in the United States, the company said.

Asked about the Microsoft blog post, a spokesperson for China’s Ministry of Foreign Affairs said that the country “firmly opposes and fights all forms of cyber-attacks and thefts in accordance with the law.”

“Connecting cyberattacks directly to the government is a highly sensitive political issue,” Wang Wenbin told reporters at a regular press briefing. “China hopes that relevant media and companies will adopt a professional and responsible attitude. When characterizing cyber incidents, it should be based on sufficient evidence, rather than unprovoked guesses.”

“Exchange Server is primarily used by business customers, and we have no evidence that Hafnium’s activities targeted individual consumers or that these exploits impact other Microsoft products,” Tom Burt, Microsoft’s corporate vice president, customer security and trust, added in a separate blog post.

This isn’t Microsoft’s first tangle with Hafnium. The tech giant has previously — on separate, unrelated occasions — observed the group “interacting with victim” users of Office 365, it said.

But “this is the first time we’re discussing its activity,” wrote Burt.

“While they are often unsuccessful in compromising customer accounts, this reconnaissance activity helps the adversary identify more details about their targets’ environments,” the company said.

— CNN’s Beijing bureau contributed to this report.

The-CNN-Wire
™ & © 2021 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.

Today’s Top Stories

All News

Residents stand in front of building destroyed by missiles in Ukraine...
FRANCESCA EBEL Associated Press

Russian missiles kill at least 19 in Ukraine’s Odesa region

The Ukrainian president's office said three Kh-22 missiles fired by Russian bombers struck an apartment building and a campsite.
10 hours ago
The Great Salt Lake Fringe Festival will make its in-person comeback from July 28 to Aug. 7. Courte...
Devin Oldroyd

The Great Salt Lake Fringe Festival is coming back to Salt Lake City

The Great Salt Lake Fringe Festival will make its in-person comeback from July 28 to Aug. 7.
1 day ago
Utah's Hogle Zoo welcomes a new red panda, Priya, to its Asian Highlands exhibit. Photo credit: Uta...
Devin Oldroyd

Hogle Zoo welcomes new Red Panda in effort to conserve the species

Utah's Hogle Zoo welcomes a new red panda, Priya, to its Asian Highlands exhibit. It hopes to breed her with Mow Mow, a red panda currently living there.
1 day ago
Delta Pilots Protest....
Aimee Cobabe

Delta pilots picketing in Salt Lake City and across the country

The Delta pilots said they are trying to put increased pressure on the airline to speed up contract negotiations. Leading in areas such as pay.
1 day ago
Animal Shelter...
Amie Schaeffer

Keeping pets safe during firework season

Salt Lake County Animal Services gives tips to keep pets safe during fireworks to keep them calm and protected.
1 day ago
President Joe Biden speaks during a news conference on the final day of the NATO summit in Madrid, ...
DARLENE SUPERVILLE and ZEKE MILLER Associated Press

Biden says transatlantic alliance has adapted to new threats

Biden's comments came at a press conference in Madrid at the conclusion of the annual meeting of NATO leaders and after he attended a summit with the Group of Seven advanced democratic economies in the Bavarian Alps.
1 day ago

Sponsored Articles

Tax Harassment...
Jordan Wilcox

The best strategies for dealing with IRS tax harassment | You have options!

Learn how to deal with IRS tax harassment. This guide will teach you how to stop IRS phone calls and letters, and how to handle an IRS audit.
spend a day at Bear Lake...
Bear Lake Convention and Visitors Bureau

You’ll love spending the day at Bear Lake | How to spend a day at Bear Lake

Bear Lake is a place that needs to be experienced. Spend a day at Bear Lake.
Curb Appeal...
Price's Guaranteed Doors

How to have the best of both worlds for your house | Home security and curb appeal

Protect your home and improve its curb appeal with the latest security solutions like beautiful garage doors and increased security systems.
Prescription opioids can be disposed of during National Prescription Take Back Day...
Know Your Script

Prescription opioid misuse | How to protect your family from the opioid epidemic

Studies have shown that prescription opioid misuse has increased since COVID-19. So what do you need to know about these opioids?
national heart month...
Intermountain Healthcare

National Heart Month: 5 Lifestyle Changes to Make Today to Keep You Heart Healthy

Heart disease is the leading cause of death for both men and women. One person dies every 36 seconds in the United States from cardiovascular disease
Joseph Smith Memorial Building...
Temple Square

The Joseph Smith Memorial Building is an icon of Salt Lake City | Why hosting an event at this beautiful location will make you a hero this year

Here's why hosting an event at the iconic Joseph Smith Memorial Building in downtown Salt Lake City will make you a hero this year.
Microsoft says a group of cyberattackers tied to China hit its Exchange email servers