Hundreds of Companies Compromised by Chinese Hackers Due to Microsoft Exchange Server Exploit

Alleged Chinese hackers have reportedly breached hundreds of companies due to a vulnerability in Microsoft’s Exchange Server.

According to Microsoft, the Chinese government-backed hacking group called Hafnium used a zero-day exploit last February to access the email servers of corporations and organizations across the world.

Microsoft had identified at least four vulnerabilities and classified them as critical, meaning hackers can use them unseen to steal emails and other data.

The extent of the attack is still undetermined, but the US government’s cybersecurity agency (CISA) issued an emergency warning that the attack may have affected hundreds if not thousands of users.

The vulnerabilities were patched last Feb. 26, but cybersecurity researchers speculated that the attack may have impacted 30,000 users and left backdoors for other attackers to use.

Eset and FireEye reported that multiple groups, most believed to be based in China, are now using the backdoors to launch coordinated attacks.

“As always, it is complex but it is very likely that Hafnium gifted these ‘zero days’ to government-sanctioned groups to actively use the flaws once they were rumbled,” explained Jake Moore at Eset.

Most Microsoft Exchange Server users are small businesses, but local and state governments and some military contractors are also known to use the service, which presents security risks.

Wang Wenbin, a spokesman for China’s Ministry of Foreign Affairs, responded that attributing the attacks to China is a political and sensitive matter.

© Fourth Estate® — All Rights Reserved.