Chinese hackers were using Exchange to spy on users, says Microsoft


Microsoft has recommended that e-mail servers running Exchange be updated urgently as a way to mitigate a series of ongoing attacks, especially against US users. According to the company, four vulnerabilities are being used by a Chinese group to break into mailboxes, read messages and steal industrial secrets from American companies and institutions.

The attacks are said to be highly sophisticated and are attributed to a group known only as Hafnium. Without giving further details about the criminals, Microsoft describes an operation backed by the government of China, using zero-day vulnerabilities aimed at servers operated by the companies themselves, which are not always covered by the same security umbrella as large cloud applications, for example.

According to Microsoft, the exploitation begins with the four vulnerabilities cited, which allow the attacker to gain access to the Exchange servers and "disguise" the intrusion as legitimate access. From there, it is possible to open a remote access backdoor so that the data exchanged between e-mail users can be read and intercepted, leaving few traces in the corporate infrastructure and making detection difficult.

The flaws affect the 2013, 2016 and 2019 versions of Microsoft Exchange, but not its online alternative. In addition to publishing the updates, which are critical and must be applied by all users of the platform (all the more so because the flaws are now public and can be used by other criminals), the company also released a report on the vulnerabilities, which includes indicators of compromise and steps to find out whether an infrastructure has been compromised by the attacks.

On the other hand, Microsoft has made it clear that the exploitation of these vulnerabilities is not related to the recent attack on SolarWinds' systems, which exposed the source code of several of Redmond's products. According to the company, that case continues to be monitored and, at least for now, the systems and software it provides were not used in subsequent attacks against customers or partners.
