Microsoft Says Chinese Hackers Targeted US Groups via Its Exchange Server Software

Microsoft says Chinese hacking group that it calls Hafnium was able to trick Exchange servers into allowing it to gain access.

Advertisement
By Reuters | Updated: 3 March 2021 10:46 IST
Highlights
  • Group is based in China but operates from leased virtual private servers
  • The hackers' increasingly aggressive moves began to attract attention
  • Hackers who went after SolarWinds also breached Microsoft itself

Microsoft's near-ubiquitous suite of products has been under scrutiny since the hack of SolarWinds

A China-linked cyberespionage group has been remotely plundering email inboxes using freshly discovered flaws in Microsoft mail server software, the company and outside researchers said on Tuesday - an example of how commonly used programmes can be exploited to cast a wide net online.

In a blog post, Microsoft said the hacking campaign made use of four previously undetected vulnerabilities in different versions of the software and was the work of a group it dubs HAFNIUM, which it described as a state-sponsored entity operating out of China.

Advertisement

In a separate blog post, cybersecurity firm Volexity said that in January it had seen the hackers use one of the vulnerabilities to remotely steal "the full contents of several user mailboxes." All they needed to know were the details of Exchange server and of the account they wanted to pillage its emails, Volexity said.

The Chinese Embassy in Washington did not immediately return messages seeking comment. Beijing routinely denies carrying out cyberespionage despite a drumbeat of allegations from the United States and others.

Ahead of the Microsoft announcement, the hackers' increasingly aggressive moves began to attract attention from across the cyber-security community.

Mike McLellan, director of intelligence for Dell's Secureworks, said ahead of the Microsoft announcement that he had noticed a sudden spike in activity touching Exchange servers overnight on Sunday, with around 10 customers affected at his firm.

Advertisement

Microsoft's near-ubiquitous suite of products has been under scrutiny since the hack of SolarWinds, the Texas-based software firm that served as a springboard for several intrusions across government and the private sector. In other cases, hackers took advantage of the way customers had set up their Microsoft services to compromise their targets or dive further into affected networks.

Hackers who went after SolarWinds also breached Microsoft itself, accessing and downloading source code - including elements of Exchange, the company's email, and calendaring product.

Advertisement

McLellan said that for now, the hacking activity he had seen appeared focused on seeding malicious software and setting the stage for a potentially deeper intrusion rather than aggressively moving into networks right away.

"We haven't seen any follow-on activity yet," he said. "We're going to find a lot of companies affected but a smaller number of companies actually exploited."

Advertisement

Microsoft said targets included infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and non-governmental groups.

© Thomson Reuters 2021
 


Is Samsung Galaxy F62 the best phone under Rs. 25,000? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

Affiliate links may be automatically generated - see our ethics statement for details.
 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Microsoft, SolarWinds
Advertisement

Related Stories

Popular Mobile Brands
  1. Huion's 2026 India Lineup Defines Next-Gen Creativity
  2. Amazon Prime Day Mobile Offers 2026: Best Deals on OnePlus, Nothing and More
  3. DJI Mic Mini 2S Launched With 32-Bit Float Recording, AI Noise Cancellation
  4. Flipkart GOAT Sale: Top Early Deals on Smartphones, Tablets and More
  5. Nokia 235 4G (2026), 215 4G (2026) Launched; Nokia 210 4G, 200 4G Tag Along
  6. Alienware 15 Arrives in India as Dell's Most Affordable Gaming Laptop Yet
  7. Best Mobiles To Grab During The Flipkart GOAT Sale
  8. iPhone 18 Pro Max Might Arrive With Apple's Biggest Battery Yet
  9. Asus Vivobook 15 (2026) Launched in India Ahead of Amazon, Flipkart Sale Events
  1. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  2. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
  3. Nokia 235 4G (2026), 215 4G (2026) Launched Alongside Nokia 210 4G, and 200 4G With AI Assistant Button
  4. Samsung Galaxy S27 Ultra Battery Details Leaked; Could Top iPhone 18 Pro Max's Battery Capacity
  5. OnePlus Ace 7 Series Tipped to Feature 185Hz Display, 9,000mAh Battery
  6. WhatsApp Rolls Out Primary Device Support on iPad, Tests New Setup Screen for Android Tablets: Report
  7. Government Directs App Stores to Remove Malicious Apps Used to Disrupt E-Rickshaw Operations: Report
  8. Sony Reportedly Restructures Disc Factory After Announcing End of Physical Game Discs on PlayStation
  9. Maharashtra Legislature Passes Amendment to Bring Virtual Digital Assets Under Depositor Protection Law
  10. Redmi 17 5G NCC, SIRIM Certification Listings Reportedly Reveal Battery and Charging Details
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.