Microsoft: China-linked hacking group targeting systems used by military contractors, think tanks

By Justin Doubleday / March 8, 2021 at 11:43 AM

A Chinese hacking group is exploiting flaws in Microsoft Exchange servers to target email systems used by a wide range of organizations, including military contractors and think tanks, according to Microsoft.

In a March 2 blog post, the company confirmed it had detected "multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks." A "0-day exploit" takes advantage of a vulnerability that was previously unknown to the software's vendor, so no patch existed when the attacks began.

The attackers used the flaws to break into on-premises Exchange servers and, from there, to reach email accounts; the same access also "allowed installation of additional malware to facilitate long-term access to victim environments."

Microsoft attributes the campaign to HAFNIUM, a state-sponsored group in China, according to the blog.

"HAFNIUM primarily targets entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs," the blog states.

Cybersecurity journalist Chris Krebs first reported last week that "at least 30,000" organizations have been targeted by the Exchange exploit.

"We are closely tracking Microsoft's emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of U.S. think tanks and defense industrial base entities," Jake Sullivan, President Biden's national security adviser, tweeted on March 4. "We encourage network owners to patch ASAP."