In a blog post, Microsoft said the hacking campaign made use of four previously undetected vulnerabilities in different versions of the software and was the work of a group it dubs HAFNIUM, which it described as a state-sponsored entity operating out of China.
In a separate blog post, cybersecurity firm Volexity said that in January it had seen the hackers use one of the vulnerabilities to remotely steal "the full contents of several user mailboxes." All they needed to know were the details of the Exchange server and of the account whose emails they wanted to pillage, Volexity said.
The Chinese Embassy in Washington did not immediately return messages seeking comment. Beijing routinely denies carrying out cyberespionage despite a drumbeat of allegations from the United States and others.
Ahead of the Microsoft announcement, the hackers' increasingly aggressive moves began to attract attention from across the cybersecurity community.
Mike McLellan, director of intelligence for Dell Technologies Inc.'s Secureworks, said ahead of the Microsoft announcement that he had noticed a sudden spike in activity touching Exchange servers overnight on Sunday, with around 10 customers affected at his firm.
Microsoft's near-ubiquitous suite of products has been under scrutiny since the hack of SolarWinds, the Texas-based software firm that served as a springboard for several intrusions across government and the private sector. In other cases, hackers took advantage of the way customers had set up their Microsoft services to compromise their targets or dive further into affected networks.
Hackers who went after SolarWinds also breached Microsoft itself, accessing and downloading source code - including elements of Exchange, the company's email and calendaring product.
McLellan said that for now, the hacking activity he had seen appeared focused on seeding malicious software and setting the stage for a potentially deeper intrusion rather than aggressively moving into networks right away.
"We haven't seen any follow-on activity yet," he said. "We're going to find a lot of companies affected but a smaller number of companies actually exploited."
Microsoft said targets included infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and non-governmental groups.