Microsoft has been targeted by a sophisticated group of hackers linked to China, which has exploited its email service and gained access to computers.
In a blog post on Tuesday, the company said that the hackers, who are believed to be from Hafnium, a state-sponsored group operating out of China, were able to access Microsoft Exchange servers via four software vulnerabilities.
This “enabled access to email accounts, and allowed the installation of additional malware to facilitate long-term access to victim environments,” the blog post said.
Microsoft confirmed that the online cloud-based platform was unaffected.
The company is now urging users to download software patches, or fixes, to protect themselves from the gaps in its security.
“We are sharing this information with our customers and the security community to emphasise the critical nature of these vulnerabilities and the importance of patching all affected systems immediately,” Microsoft said.
“This blog also continues our mission to shine a light on malicious actors and elevate awareness of the sophisticated tactics and techniques used to target our customers.”
Who is Hafnium?
Hafnium primarily targets entities in the US across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs, the blog explains.
The hacking group has previously compromised victims by exploiting vulnerabilities in internet-facing servers, and has used legitimate open-source frameworks, like Covenant, for command and control. Once they’ve gained access to a victim network, Hafnium typically exfiltrates data to file sharing sites like MEGA.
In campaigns unrelated to these vulnerabilities, Microsoft has observed Hafnium interacting with victim Office 365 tenants. While they are often unsuccessful in compromising customer accounts, this reconnaissance activity helps the adversary identify more details about their targets’ environments.