Lagos, Nigeria

Microsoft updates flaws in Exchange Server utilized by Chinese attackers

Microsoft logoSource: Daniel Rubino / Windows Central

Microsoft recently rolled out security updates to fix four vulnerabilities in Exchange Server software (via Engadget). The vulnerabilities were utilized in cyberattacks orchestrated by a group Microsoft calls Hafnium. As explained by a Microsoft blog post, Hafnium operates out of China and is “a highly skilled and sophisticated actor.”

Microsoft refers to Hafnium as a state-sponsored threat actor that operates out of China, but that primarily conducts its operations from leased virtual private services in the United States.

According to Microsoft, the primary targets of Hafnium include infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.

VPN Deals: Lifetime license for $16, monthly plans at $1 & more

Microsoft outlines the three steps of the recent attacks:

First, it would gain access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access. Second, it would create what’s called a web shell to control the compromised server remotely. Third, it would use that remote access – run from the U.S.-based private servers – to steal data from an organization’s network.

Microsoft released security updates that will protect people running Exchange Server. Microsoft says that all Exchange Server customers should apply the updates immediately.

The company also briefed U.S. government agencies on the attacks.

Microsoft concludes the blog post by specifying that these attacks are not connected in any way to the SolarWinds attacks that have been in the headlines.

Microsoft has another post that breaks down the attacks in more technical detail.

We may earn a commission for purchases using our links. Learn more.

This post was written by Sean Endicott and was first posted to WindowsCentral

Do you find this article helpful? Your Friend might too. So, please Share it with them using the Share button above.
Will you like to get notified when I post new updates? Then Follow me on any of my social media handles: Google News, Telegram, WhatsApp, Twitter, Facebook, Pinterest.
You can also drop your email address below if you wish to be notified by mail.

Tags: ,

%d bloggers like this: