Chinese hackers target Microsoft Exchange email servers to launch attacks

Zero-day attack
(Image credit:

Security researchers have identified a “highly skilled and sophisticated” Chinese state-sponsored threat actor that’s using exploits in Microsoft Exchange to make away with confidential company data.

The Microsoft Threat Intelligence Center (MSTIC) detected multiple zero-day exploits in its flagship on-premise email server, which it said were primarily being used by the threat actor, dubbed Hafnium. The vulnerabilities have now been patched, and the software company urges all its business customers to update their Exchange server installations.

“Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems. Promptly applying today’s patches is the best protection against this attack,” suggests Tom Burt, Microsoft’s Corporate Vice President of Customer Security & Trust.

Not a first

According to Microsoft Hafnium primarily goes after targets in the United States. While it’s based in China, it uses leased Virtual Private Servers (VPS) in the US to run its malicious operations.

In a blog post, MSTIC notes that they’re aware of a limited number of targeted attacks that’ve used the now-patched Exchange vulnerabilities. 

Analyzing the modus operandi of the attacks, MSTIC says that “the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments.”

Burt notes that this is the eighth attack by a state-sponsored group that the company has disclosed in the past twelve months. According to reports, the company has briefed and shared its findings about the attack with US Government agencies.

Via: TechCrunch

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.