Date: 2021-03-03



Chinese government hackers exploited a bug in Microsoft’s mail server software to target U.S. organizations, the company said on Tuesday.

Microsoft said a highly skilled and sophisticated state-funded group operating in China attempted to steal information from a number of US targets, including universities, defense contractors, law firms and infectious disease researchers.

Microsoft said it has released security upgrades to address vulnerabilities in its Exchange Server software, which is used for business email and calendar services, primarily for large organizations that have their own in-person email servers. It does not affect personal email accounts or Microsoft cloud services.

The company said the hacking group it calls Hafnium was able to trick Exchange servers into giving it access. The hackers then posed as someone who should have access to it and created a way to control the server remotely so that they could steal data over an organization’s network.

Microsoft said the group was based in China but operated from virtual private servers leased in the United States, which helped it avoid detection.

The Redmond, Wash.-based company declined to name specific targets or say how many organizations were affected.

Reston, Va.-based cybersecurity firm Volexity, which Microsoft credited with helping detect the intrusions, said its network security watchdog started responding to a strangely large data transfer at the end of January.

“They’re just downloading emails, literally going to town,” said Steven Adair, president of Volexity, who said the targets included defense contractors, international aid and development organizations, and the community of NGO think tanks.

Adair said he is concerned that the hackers will ramp up their activity in the coming days, before organizations are able to install the security upgrades from Microsoft.

“As bad as it is now, I think it’s about to get a lot worse,” he said. “It gives them a limited amount of opportunity to exploit something. The fix won’t fix this if they left their backdoor behind.”

