ALL NEWS

Microsoft says a group of cyberattackers tied to China hit its Exchange email servers

Mar 3, 2021, 6:14 AM | Updated: 6:15 am

NEW YORK, NY - MAY 2: The Microsoft logo is illuminated on a wall during a Microsoft launch event t...

NEW YORK, NY - MAY 2: The Microsoft logo is illuminated on a wall during a Microsoft launch event to introduce the new Microsoft Surface laptop and Windows 10 S operating system, May 2, 2017 in New York City. The Windows 10 S operating system is geared toward the education market and is Microsoft's answer to Google's Chrome OS. (Photo by Drew Angerer/Getty Images)

(Photo by Drew Angerer/Getty Images)

    (CNN) — Microsoft says that a sophisticated group of hackers linked to China has exploited its popular email service that allowed them to gain access to computers.

In a blog post Tuesday, the company said that four vulnerabilities in its software allowed hackers to access servers for Microsoft Exchange, “which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments.” The firm added that the online platform for Exchange, the cloud-based version of the service, was not affected.

Microsoft is now urging users to download software patches, or fixes, for the four different vulnerabilities that were found.

The company said that it believes the attacks were carried out by Hafnium, “a group assessed to be state-sponsored and operating out of China.” It did not offer evidence supporting the assessment, but said the “state-sponsored” actor was identified by the Microsoft Threat Intelligence Center based on observed “tactics and procedures.”

“We are sharing this information with our customers and the security community to emphasize the critical nature of these vulnerabilities and the importance of patching all affected systems immediately,” it said.

“This blog also continues our mission to shine a light on malicious actors and elevate awareness of the sophisticated tactics and techniques used to target our customers.”

Hafnium is a network of hackers that “primarily targets entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and [non-government organizations],” according to Microsoft.

Though the group is believed to be based in China, it usually strikes using virtual private servers based in the United States, the company said.

Asked about the Microsoft blog post, a spokesperson for China’s Ministry of Foreign Affairs said that the country “firmly opposes and fights all forms of cyber-attacks and thefts in accordance with the law.”

“Connecting cyberattacks directly to the government is a highly sensitive political issue,” Wang Wenbin told reporters at a regular press briefing. “China hopes that relevant media and companies will adopt a professional and responsible attitude. When characterizing cyber incidents, it should be based on sufficient evidence, rather than unprovoked guesses.”

“Exchange Server is primarily used by business customers, and we have no evidence that Hafnium’s activities targeted individual consumers or that these exploits impact other Microsoft products,” Tom Burt, Microsoft’s corporate vice president, customer security and trust, added in a separate blog post.

This isn’t Microsoft’s first tangle with Hafnium. The tech giant has previously — on separate, unrelated occasions — observed the group “interacting with victim” users of Office 365, it said.

But “this is the first time we’re discussing its activity,” wrote Burt.

“While they are often unsuccessful in compromising customer accounts, this reconnaissance activity helps the adversary identify more details about their targets’ environments,” the company said.

— CNN’s Beijing bureau contributed to this report.

The-CNN-Wire
™ & © 2021 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.

We want to hear from you.

Have a story idea or tip? Send it to the KSL NewsRadio team here.

Today’s Top Stories

All News

The OLRGC released an analysis of the expected topics to be discussed during a special session of t...

Simone Seikaly

Extending state flooding emergency, firearm restrictions, among topics for Utah special session

The OLRGC released an analysis of the expected topics to be discussed during a special session of the legislature.

11 months ago

A video recorded by Facebook user Larry Jacquez shows the police response following the shooting in...

Jamiel Lynch, CNN     

At least 3 people killed and 2 officers wounded in a shooting in Farmington, New Mexico, police say

Multiple people were shot and at least three killed in a shooting in Farmington, New Mexico, police said in a Facebook post.

11 months ago

A new release from Intermountain Healthcare shows that younger adults are becoming more susceptible...

Waverly Golden

Younger adults are becoming more susceptible to strokes

A new release from Intermountain Healthcare shows that younger adults are becoming more susceptible to stroke.

11 months ago

If you plan to camp over Memorial Day Weekend, you may want to begin the planning process now....

Allessandra Harris

Camping over Memorial Day Weekend? Plan ahead

If you plan to camp over Memorial Day Weekend, you may want to begin the planning process now.

11 months ago

slcpd on the scene of the deaths...

Josh Ellis

Police: Teen killed by father in murder-suicide in SLC office building

Police responded to the office complex near 3000 S. Highland Drive on Saturday after emergency responders received a call from a community member who reported finding a body.

11 months ago

Melissa Coleman crouches next to her husband, , Brad Coleman, of North Ogden, who sits in a wheelch...

Jenny Carpenter, KSL.com

Young stroke victim survives with quick, lifesaving treatment in northern Utah

After a 36-year-old man had a stroke, he and his wife say to be aware of the signs of stroke and that young people are also at risk.

11 months ago

Sponsored Articles

close up of rose marvel saliva blooms in purple...

Shannon Cavalero

Drought Tolerant Perennials for Utah

The best drought tolerant plants for Utah can handle high elevations, alkaline soils, excessive exposure to wind, and use of secondary water.

Group of cheerful team members high fiving each other...

Visit Bear Lake

How To Plan a Business Retreat in Bear Lake This Spring

Are you wondering how to plan a business retreat this spring? Read our sample itinerary to plan a team getaway to Bear Lake.

Cheerful young woman writing an assignment while sitting at desk between two classmates during clas...

BYU EMBA at the Marriott School of Business

Hear it Firsthand: 6 Students Share Their Executive MBA Experience at BYU’s Marriott School of Business

The Executive MBA program at BYU offers great opportunities. Hear experiences straight from students enrolled in the program.

Skier being towed by a rider on a horse. Skijoring....

Bear Lake Convention and Visitors Bureau

Looking for a New Winter Activity? Try Skijoring in Bear Lake

Skijoring is when someone on skis is pulled by a horse, dog, animal, or motor vehicle. The driver leads the skiers through an obstacle course over jumps, hoops, and gates.

Banner with Cervical Cancer Awareness Realistic Ribbon...

Intermountain Health

Five Common Causes of Cervical Cancer – and What You Can Do to Lower Your Risk

January is National Cervical Cancer Awareness month and cancer experts at Intermountain Health are working to educate women about cervical cancer.

Kid holding a cisco fish at winterfest...

Bear Lake Convention and Visitors Bureau

Get Ready for Fun at the 2023 Bear Lake Monster Winterfest

The Bear Lake Monster Winterfest is an annual weekend event jam-packed full of fun activities the whole family can enjoy.

Microsoft says a group of cyberattackers tied to China hit its Exchange email servers