Microsoft Corp. issued a warning today that a new Chinese state-sponsored hacking group is targeting on-premises versions of Microsoft Exchange Server using a number of recently identified and now patched vulnerabilities.
The hacking group, dubbed “Hafnium” by the Microsoft Threat Intelligence Center, is described as “highly skilled and sophisticated.” It’s specifically attempting to steal information from U.S. targets, including universities, defense contractors, law firms and infectious-disease researchers.
The vulnerabilities and their exploitation were first identified by researchers at cybersecurity firm Volexity Inc. in early January. All four were zero-days, that is, previously unknown flaws: a server-side request forgery vulnerability, an insecure deserialization vulnerability in the Unified Messaging service and two post-authentication arbitrary file write vulnerabilities.
Hafnium exploited the vulnerabilities to trick targeted Exchange servers into allowing it access. The Chinese hackers then created a web shell to control the compromised server remotely, using that access to steal data from the organization’s network.
While Microsoft has released a patch for the vulnerabilities, the concern is that Exchange users will not promptly install the updates. “Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems,” Tom Burt, corporate vice president, customer security and trust at Microsoft, wrote in a blog post. “Promptly applying today’s patches is the best protection against this attack.”
Satnam Narang, staff research engineer at cybersecurity company Tenable Inc., told SiliconANGLE that the fact that Microsoft chose to patch these flaws early rather than include them as part of next week’s Patch Tuesday release indicates the flaws are quite severe.
“While Microsoft says that Hafnium primarily targets entities within the United States, other researchers say they have seen these vulnerabilities being exploited by different threat actors targeting other regions,” Narang said. “We expect other threat actors to begin leveraging these vulnerabilities in the coming days and weeks, which is why it is critically important for organizations that use Exchange Server to apply these patches immediately.”