Microsoft issued a release on Tuesday March 2 stating that a China-linked cyber threat actor has been exploiting loopholes in its email server to steal data from emails remotely.
Microsoft said that the targets of hacking include “infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs.”
Microsoft has detected four exploits being used to attack on-premises versions of the Microsoft Exchange Server. The hacker organization is called Hafnium, a state-sponsored actor based in China. It conducts its operations primarily from leased virtual private servers (VPS) in the United States. Microsoft only recently discovered Hafnium’s activities. It has briefed the U.S. government agencies on this activity.
This is the eighth time in the past 12 months that Microsoft has publicly disclosed nation-state groups targeting institutions critical to civil society. Other activities have targeted healthcare organizations fighting Covid-19, political campaigns and others involved in the 2020 elections, and high-profile attendees of major policymaking conferences.
Source: Radio Free Asia, March 3, 2021
https://www.rfa.org/cantonese/news/us-hack-03032021042929.html
Microsoft, March 2, 2021
https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/