Microsoft announced on March 2 that a Chinese cyber espionage group had remotely looted email inboxes using newly discovered vulnerabilities in its mail server software. In a blog post, the tech giant said the hackers belonged to a government-sponsored group that is a “highly skilled and sophisticated actor.” The company added that the hacking campaign took advantage of four previously undiscovered vulnerabilities in different versions of its software.
Microsoft determined that Hafnium was behind the hack “based on observed victimologies, tactics and procedures”.
“While we worked quickly to provide an update on the Hafnium exploits, we know that many national state actors and criminal groups will act quickly to take advantage of any unpatched systems,” Tom Burt, Microsoft's corporate vice president of customer security and trust, wrote in a blog post.
According to Microsoft, Hafnium carried out “limited and targeted attacks” by operating on leased virtual private servers. The software was accessed through stolen passwords or other security breaches, and malware was installed to obtain data.
The hack comes months after the breach of SolarWinds Corp. was revealed. That breach allowed hackers to gain access to data from various government agencies that used the company’s software. It is one of the most comprehensive cyberattacks in modern history, and it is believed to have been the work of hackers working on behalf of the Russian government.