SAN FRANCISCO: Microsoft said a state-sponsored hacking group operating from China is exploiting previously unknown security flaws in Exchange email services to steal data from business users.
The company said that the hacking group, which it called “Hafnium”, is “a highly skilled and sophisticated actor”.
Hafnium has in the past targeted US-based companies, including infectious disease researchers, law firms, universities, defense contractors, think tanks, and NGOs.
In a blog post on Tuesday, Microsoft CEO Tom Burt said the company has released updates to fix security flaws, which apply to local versions of the software rather than cloud-based versions, and urged customers to apply them.
“We know that many nation-state actors and criminal groups will move quickly to take advantage of any unprecedented systems,” he added.
“The immediate application of today’s corrections is the best protection against this attack.”
Microsoft said that the group was based in China, but it operates through virtual private servers rented in the United States, and that it has informed the US government about it.
Beijing has previously responded to US accusations of state-sponsored cyber theft. Last year, Washington was charged with defamation after allegations that Chinese hackers were trying to steal research on the Coronavirus.
In January, US intelligence and law enforcement agencies said Russia may have been behind a massive SolarWinds hack that shook government and corporate security, contradicting then-President Donald Trump who indicated that China might be responsible.
Microsoft said on Tuesday that the Hafnium attacks “were in no way connected to separate attacks related to the SolarWinds system.”