Microsoft today revealed that government-backed hackers in China exploited previously unknown vulnerabilities to compromise its mail server software (Microsoft Exchange) and access email accounts, the BBC said.
After observing the hackers’ targets, tactics and procedures, Microsoft determined that they belonged to Hafnium, a state-sponsored group based physically in China but operating primarily from leased virtual private servers (VPS) in the US.
According to Microsoft, Hafnium tends to go after infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks, and NGOs.
Given the COVID-19 pandemic, hacking for infectious disease research data perhaps shouldn’t be surprising. In the past, Russian and North Korean hackers have been blamed for attempts to steal vaccine data.
The BBC noted that this was the eighth time in 12 months that Microsoft had publicly blamed state-sponsored groups for hacking incidents.
China’s official response was rather predictable.
“China wishes relevant media and companies take a professional and responsible attitude, and base characterizations of cyber-attacks on ample evidence, rather than groundless guesses and accusations,” said Chinese foreign ministry spokesperson Wang Wenbin, according to Reuters.
As the BBC noted, Microsoft is one of the few Western tech giants that have a significant, tangible presence in China. Google, Facebook, and Twitter are all blocked in China, but Microsoft’s Bing and LinkedIn are still available to the general population.
Unsurprisingly, Microsoft has now released software updates that address the vulnerabilities exploited by the hackers.