Microsoft: China-based hackers found bug to target US firms

China-based government hackers have exploited a bug in Microsoft’s email server software to target U.S. organizations, the company said Tuesday.

Posted: Mar 3, 2021 1:04 PM

China-based government hackers have exploited a bug in Microsoft’s email server software to target U.S. organizations, the company said Tuesday.

Microsoft said that a “highly skilled and sophisticated” state-sponsored group operating from China has been trying to steal information from a number of American targets, including universities, defense contractors, law firms and infectious-disease researchers.

Microsoft said it has released security upgrades to fix the vulnerabilities to its Exchange Server software, which is used for work email and calendar services, mostly for larger organizations that have their own in-person email servers. It doesn’t affect personal email accounts or Microsoft’s cloud-based services.

The company said the hacking group it calls Hafnium was able to trick Exchange servers into allowing it to gain access. The hackers then masqueraded as someone who should have access and created a way to control the server remotely so that they could steal data from an organization’s network.

Microsoft said the group is based in China but operates from leased virtual private servers in the U.S., helping it avoid detection.

The company based in Redmond, Washington, declined to name any specific targets or say how many organizations were affected.

Reston, Virginia-based cybersecurity firm Volexity, which Microsoft credits for helping to detect the intrusions, said its network security monitoring service began picking up on a suspiciously large data transfer in late January.

“They’re just downloading email, literally going to town,” said Steven Adair, Volexity’s president, who said the targets have included “defense contractors, international aid and development organizations, the NGO think-tank community.”

Adair said he’s concerned that the hackers will accelerate their activity in the coming days before organizations are able to install Microsoft’s security upgrades.

“As bad as it is now, I think it’s about to get a lot worse,” he said. “This gives them a limited amount of opportunity to go and exploit something. The patch isn’t going to fix that if they left their backdoor behind.”

Terre Haute
Clear
56° wxIcon
Hi: 70° Lo: 44°
Feels Like: 56°
Robinson
Clear
53° wxIcon
Hi: 70° Lo: 43°
Feels Like: 53°
Indianapolis
Partly Cloudy
59° wxIcon
Hi: 70° Lo: 47°
Feels Like: 59°
Rockville
Clear
56° wxIcon
Hi: 69° Lo: 44°
Feels Like: 56°
Casey
Clear
61° wxIcon
Hi: 68° Lo: 43°
Feels Like: 61°
Brazil
Clear
56° wxIcon
Hi: 69° Lo: 43°
Feels Like: 56°
Marshall
Clear
56° wxIcon
Hi: 70° Lo: 41°
Feels Like: 56°
Clear, Bright Moon
WTHI Planner
WTHI Temps
WTHI Radar

WTHI Events

 

Illinois Coronavirus Cases

(Widget updates once daily at 7 p.m. CT)

Cases: 1671275

Reported Deaths: 27903
CountyCasesDeaths
Cook63319811182
DuPage1078031375
Will910281124
Lake797931082
Kane68211868
Winnebago40918559
Madison40014592
St. Clair36230595
McHenry34584326
Champaign26931196
Peoria26845368
Sangamon25682284
McLean22947217
Tazewell20601330
Rock Island18783360
Kankakee17848248
Kendall16162113
Macon15259250
LaSalle14983285
Vermilion14303199
Adams13097152
DeKalb12114133
Williamson12027174
Whiteside8265183
Jackson808394
Boone790483
Coles7857122
Ogle754587
Grundy735386
Franklin7317115
Knox7244169
Clinton7113102
Macoupin6927104
Marion6907143
Henry661677
Effingham658099
Jefferson6523143
Livingston596098
Stephenson580992
Woodford575292
Randolph553799
Christian531882
Fulton525875
Monroe5243103
Morgan505299
Logan494274
Montgomery489881
Lee478060
Bureau442190
Saline433169
Perry432375
Fayette429564
Iroquois419977
McDonough373460
Shelby345848
Jersey335153
Crawford331330
Lawrence330833
Douglas326237
Union305848
Wayne301762
White279333
Richland279057
Hancock273035
Cass265330
Clark265240
Pike263358
Clay258254
Edgar256749
Bond255625
Warren243665
Ford242859
Carroll236038
Moultrie231433
Johnson225131
Wabash217019
Jo Daviess215129
Massac214148
Mason212752
Washington211628
De Witt204930
Greene204840
Mercer203435
Piatt200914
Cumberland189526
Menard171913
Jasper161021
Marshall141221
Hamilton133622
Schuyler107010
Brown106410
Pulaski103811
Edwards103418
Stark81228
Gallatin7878
Alexander71712
Scott7136
Henderson69814
Calhoun6902
Hardin59816
Putnam5614
Pope5476
Unassigned1632433
Out of IL70

Indiana Coronavirus Cases

(Widget updates once daily at 8 p.m. ET)

Cases: 1000163

Reported Deaths: 16309
CountyCasesDeaths
Marion1347632106
Lake660041156
Allen57441793
Hamilton46100461
St. Joseph44109607
Elkhart35696507
Vanderburgh32087477
Tippecanoe27796257
Johnson24902443
Hendricks23738354
Porter22802362
Madison18614404
Clark18424250
Vigo17347301
Monroe15180197
LaPorte15046250
Delaware14984259
Howard14626287
Kosciusko12217147
Hancock11630175
Bartholomew11505179
Warrick11255189
Floyd11013214
Wayne10897250
Grant9964218
Morgan9404176
Boone8863116
Dubois8227130
Dearborn817093
Henry8139151
Noble7984106
Marshall7838134
Cass7499119
Lawrence7403170
Shelby7138114
Jackson694088
Gibson6533113
Harrison644491
Huntington633999
Knox6273106
DeKalb626397
Montgomery6208109
Miami589797
Putnam575377
Clinton570271
Whitley560455
Steuben554675
Wabash5279101
Jasper524475
Jefferson506996
Ripley495685
Adams476073
Daviess4616113
Scott435869
Greene422096
Wells420987
Clay420260
White415962
Decatur4133101
Fayette404286
Jennings385160
Posey375343
LaGrange353978
Washington353249
Randolph341999
Spencer337342
Fountain332558
Sullivan326752
Starke313369
Owen312070
Fulton306567
Orange291762
Jay280445
Perry264752
Franklin264042
Carroll259132
Rush258832
Vermillion255454
Parke230026
Pike227943
Tipton226659
Blackford190540
Pulaski181855
Crawford158623
Newton156048
Benton150217
Brown144547
Martin137419
Switzerland134211
Warren120516
Union106815
Ohio84112
Unassigned0538