Microsoft: China-based hackers found bug to target US firms

Microsoft says China-based government hackers have exploited a bug in its email server software to target U.S. organizations

Microsoft China Hacking
Microsoft China Hacking

China-based government hackers have exploited a bug in Microsoft s email server software to target U.S. organizations, the company said Tuesday.

Microsoft said that a “highly skilled and sophisticated” state-sponsored group operating from China has been trying to steal information from a number of American targets, including universities, defense contractors, law firms and infectious-disease researchers.

Microsoft said it has released security upgrades to fix the vulnerabilities to its Exchange Server software, which is used for work email and calendar services, mostly for larger organizations that have their own in-person email servers. It doesn't affect personal email accounts or Microsoft's cloud-based services.

The company said the hacking group it calls Hafnium was able to trick Exchange servers into allowing it to gain access. The hackers then masqueraded as someone who should have access and created a way to control the server remotely so that they could steal data from an organization's network.

Microsoft said the group is based in China but operates from leased virtual private servers in the U.S., helping it avoid detection.

The company based in Redmond, Washington, declined to name any specific targets or say how many organizations were affected.

Reston, Virginia-based cybersecurity firm Volexity, which Microsoft credits for helping to detect the intrusions, said its network security monitoring service began picking up on a suspiciously large data transfer in late January.

“They’re just downloading email, literally going to town," said Steven Adair, Volexity's president, who said the targets have included “defense contractors, international aid and development organizations, the NGO think-tank community."

Adair said he's concerned that the hackers will accelerate their activity in the coming days before organizations are able to install Microsoft's security upgrades.

“As bad as it is now, I think it’s about to get a lot worse," he said. “This gives them a limited amount of opportunity to go and exploit something. The patch isn’t going to fix that if they left their backdoor behind."

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

By clicking ‘Create my account’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in