Microsoft has warned its customers about a new, sophisticated nation-state cyber-attack originating in China that primarily targets the company's on-premises Exchange Server software.
After investigating the matter, the Microsoft Threat Intelligence Center has identified the attacking group as "Hafnium". Operating from China, the group mostly targets infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs in the US for the purpose of exfiltrating data.
“While Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the US,” stated Tom Burt, Corporate Vice President, Customer Security and Trust at Microsoft.
“We are sharing this information with our customers and the security community to emphasize the critical nature of these vulnerabilities and the importance of patching all affected systems immediately to protect against these exploits and prevent future abuse across the ecosystem,” the Microsoft Threat Intelligence Center wrote in a blog post on Tuesday.
“After exploiting these vulnerabilities to gain initial access, Hafnium operators deployed web shells on the compromised server,” the Center further stated. “Web shells potentially allow attackers to steal data and perform additional malicious actions that lead to further compromise.”
This is the eighth time in the past year that the tech giant has publicly reported nation-state groups targeting organizations critical to civil society.
In January, Microsoft confirmed that the suspected Russian hackers behind the extensive SolarWinds attack, which affected numerous major companies and government agencies, had gone beyond merely placing malicious SolarWinds code in Microsoft's environment.
According to Burt, the latest China-based attacks are “in no way connected to the separate SolarWinds-related attacks”. “We continue to see no evidence that the actor behind SolarWinds discovered or exploited any vulnerability in Microsoft products and services,” he stated.
Source: BBC News