Infectious disease researchers and universities were among the groups targeted by a sophisticated hacking group based in China, Microsoft reported on Tuesday.
(CN) — Email servers hosted by Microsoft were hacked by a sophisticated group based in China that used stolen passwords to gain entry to the accounts of health professionals, politicians and various other professionals.
Microsoft revealed the extent of the hack in a blog post Tuesday, saying a group called Hafnium used virtual servers in the U.S. to carry out a coordinated attack aimed at stealing secrets of all kinds from a range of sectors.
“Hafnium operates from China, and this is the first time we’re discussing its activity,” the company said. “It is a highly skilled and sophisticated actor.”
The hacks are specific to Microsoft Exchange Server software and its email service and do not extend to other Microsoft products. The company encouraged anyone running Exchange Server to install the updates containing the patches as soon as possible.
“Exchange Server is primarily used by business customers, and we have no evidence that Hafnium’s activities targeted individual consumers or that these exploits impact other Microsoft products,” Microsoft said.
Some of the targets include those working in infectious disease research, law firms, colleges and universities, defense contractors, think tanks and various nonprofits, according to Microsoft.
The hacking group, which Microsoft said is sponsored by China, is after secrets in all of these industries. The hacks that Microsoft detected occurred in 2013, 2016 and 2019.
Cybersecurity firm Volexity said it detected unusual activity originating from Microsoft Exchange Server systems in January and traced the operation to China.
That campaign began as early as Jan. 6, the company said in its own blog post on the matter.
The firm first noticed two users exfiltrating data from two email exchanges and transferring that data to an illegitimate destination.
“The attacker was using the vulnerability to steal the full contents of several user mailboxes,” the company said. “This vulnerability is remotely exploitable and does not require authentication of any kind, nor does it require any special knowledge or access to a target environment. The attacker only needs to know the server running Exchange and the account from which they want to extract e-mail.”
The vulnerability exploited by the hackers does not extend to Microsoft Office 360, Volexity said.
Microsoft vowed to update Exchange Server versions dating back to 2010 as a precaution. Additionally, the company’s free malware detector, Microsoft Defender, has been updated to detect Hafnium’s activities.
Since Google reported in 2010 that the Chinese government had launched an attack on its servers to steal trade secrets, the U.S. has repeatedly been the target of Chinese cyberattacks.
In 2009, a Congressional advisory group told federal lawmakers that China’s espionage efforts were “the single greatest risk to the security of American technologies.”
In February 2020, the federal government charged four members of China’s People’s Liberation Army with the 2017 hack of Equifax, the credit reporting agency.