 |
| The China affiliate group targeted the Microsoft Exchange bug |
Microsoft said: A Chinese cyber espionage organization is using a recently discovered vulnerability in Microsoft Exchange Server mail server software to remotely steal email mailboxes. Below is an example of some commonly used software that is used to perform spying activities on the Internet.
Microsoft stated on the blog that the hacking campaign used four previously unexplored vulnerabilities in various versions of the Microsoft Exchange Server mail server and was run by a group called HAFNIUM, which they named a Chinese government funded company.
In another article, network security firm Volexity said: In January, hackers took advantage of a vulnerability to steal all content from the mailboxes of multiple remote users.
Volexity said they just need to know the details of the Microsoft Exchange Server mail server software and the account they want to use to steal their email.
Despite claims by the United States and other countries, Beijing generally denies the practice of cyber espionage.
Before Microsoft spread the word, the radical hacking movement had increasingly attracted the attention of the entire network security community.
“I noticed a sudden increase in transaction-related Microsoft Exchange Server mail server software activity overnight.” About 10 of the company's customers are affected, Mike McClellan, director of intelligence at Dell Secureworks, told Microsoft.
Since the breakthrough of SolarWinds, Microsoft's ubiquitous portfolio of products has come under intense scrutiny. SolarWinds is a software company that is the springboard for many government and private network breaches.
In other cases, hackers use the way customers create their own Microsoft services to threaten targets or compromise an affected network.
Hackers who followed SolarWinds entered Microsoft itself, accessed the source code materials and downloaded them to a Microsoft Exchange Server mail server.
McClellan said the hacking activity he saw appeared to be focused on spreading malware and paving the way for deeper intrusion rather than an effective entry to the network instantly.
Microsoft said its goals are aimed at researchers in infectious diseases, law firms, higher education institutions, defense companies, think tanks and NGOs.