Microsoft at deployed a security update to fix four zero-day vulnerabilities in Exchange Server that malicious actors use to infiltrate businesses and organizations across industries. A Chinese state sponsored group called Hafnium has been behind most of the cyber attacks that exploited the vulnerabilities, the tech giant said in a post. Microsoft describes the group as a “highly skilled and sophisticated player” that primarily targets entities in the United States, including law firms, educational institutions, defense contractors and NGOs.
The group used the vulnerabilities to gain access to the Exchange Server account of its target, the company’s email and calendar server. He then installs a backdoor in their system to access them remotely, then uses that remote access to steal information from his victim. Microsoft says Hafnium operates primarily from leased virtual private servers in the United States, despite being based in China.
The tech giant thanks researchers at security firms Volexity and Dubex for briefing it on Hafnium’s activities and helping it resolve the issue. In his Publish Regarding the vulnerabilities, Volexity said that at least one of them does not require any authentication of any kind or even any special knowledge or access to a target environment. “The attacker only needs to know the server running Exchange and the account from which he wants to extract his emails,” the message read.
Microsoft has already informed the US government of Hafnium’s activities and encourages users to install the update. The company specifies, however, that these particular exploits are in no way related to the Linked to SolarWinds attacks. “