- Microsoft said that its Exchange email product had been compromised by Chinese hackers.
- The company said it believes the group, which it named “Hafnium,” was supported by the Chinese state.
- Microsoft also released security updates to combat the hacks.
- Visit the Business section of Insider for more stories.
Microsoft announced Tuesday that its Exchange email product had been hacked, and that it believes China is behind the attack.
Tom Burt, Microsoft’s corporate vice president of customer security and trust, wrote in a blog post that the company had identified a “state-sponsored threat actor” it referred to as “Hafnium.”
Hafnium, he said, typically uses virtual servers located in the US to infiltrate vulnerable institutions, including infectious-disease researchers, law firms, higher education institutions, and NGOs.
According to Burt, the hacking group took advantage of several security vulnerabilities within the email client to steal data and plant, and more alarmingly, to compromise servers running Exchange.
Once Hafnium made its way inside company servers, it could create a “web shell” to control servers remotely and steal data from company networks.
In addition to the warning, Microsoft also released several security updates designed to combat the hacks, but noted that “even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems.”
Burt also noted that Exchange server is “primarily used by business customers” and said that there was “no evidence” that Hafnium was targeting individual consumers or that any other Microsoft products were impacted. He also said that the attack was not believed to be related to prior SolarWinds hacks.
Chinese Foreign Ministry spokesman Wang Wenbin responded to Microsoft’s accusations in a Wednesday press briefing, saying there was not enough evidence to draw a conclusion on the Exchange hack’s origins, according to Bloomberg.
This is the eighth time in the last 12 months that Microsoft has publicly reported state-sponsored hacks.