A group linked to China targeted flaws in Microsoft Exchange

in Project HOPE, 4 years ago

Microsoft said that a cyber espionage group linked to China is stealing email inboxes remotely using newly discovered flaws in Microsoft Exchange Server mail server software, an example of how commonly used programs are exploited for online spying.

Microsoft explained in a blog post that the hacking campaign used four previously undetected vulnerabilities in different versions of the Microsoft Exchange Server mail server and was the work of a group called HAFNIUM, which it described as a state-sponsored entity operating from China.

In a separate post, cybersecurity firm Volexity said that in January it saw hackers use a vulnerability to steal the entire contents of many remote user mailboxes.

All they need to know are the details of the Microsoft Exchange Server mail server software and the account whose emails they want to steal, Volexity said.

Beijing routinely denies engaging in cyber espionage, despite allegations from the United States and others.

Even before Microsoft's announcement, the hackers' increasingly aggressive moves had begun to attract attention from across the cybersecurity community.

“I noticed a sudden spike in activity related to Microsoft Exchange Server mail server software overnight, with about 10 customers in the company affected,” Mike McLellan, director of intelligence at Secureworks for Dell, said before Microsoft's announcement.

Microsoft's ubiquitous suite of products has been under scrutiny since the breach of SolarWinds, a software company that served as a springboard for numerous breaches of government and private networks.

In other cases, hackers took advantage of the way customers had set up their Microsoft services to threaten targets or dive further into affected networks.

The hackers who went after SolarWinds also infiltrated Microsoft itself, accessing and downloading source code, including elements of the Microsoft Exchange Server mail server.

The hacking activity he saw seemed to focus on spreading malware and paving the way for a deeper intrusion rather than moving aggressively into the networks immediately, McLellan said.

Microsoft said the targets include infectious disease researchers, law firms, higher education institutions, defense contractors, think tanks and nongovernmental groups.
