San Francisco, US, Mar 2 (efe-epa).- United States multinational Microsoft warned Tuesday that state-sponsored hackers in China are targeting its business email product.
Through “previously unknown” security flaws, the hackers could access Exchange Server, control the server remotely, then steal company data, Microsoft said in a blog post.
This group of hackers, which Microsoft has named Hafnium, has previously sought to steal data from US organizations in fields as diverse as infectious disease research, law firms, higher education, defense contractors, think tanks and NGOs.
Corporate Vice President for Customer Security and Trust, Tom Burt, said that while the group “is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the United States.”
Microsoft has released security updates and urged customers to apply them “immediately.”
“Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems,” it said.
It added that the hack was not connected to the so-called SolarWinds attack.
In December, one of the largest cybersecurity companies in the US, FireEye, reported that hackers linked to the government of a foreign country, suspected to be Russia, broke into its network and stole offensive hacking tools it used to test for vulnerabilities in its customers’ systems.
FireEye described the attacker as “highly evasive” and described the hack as part of a global campaign.
Within days it was revealed that multiple US government agencies were also successfully targeted, including the departments of State, Commerce, Energy, Homeland Security and Treasury, and the National Institutes of Health.
Investigators discovered hackers had attacked through malware attached to updates to SolarWinds software, used by those affected. EFE-EPA