Microsoft Warns of Chinese Hackers Targeting Business Email Systems

A recently discovered exploit for the Microsoft Exchange Server gives hackers a way to infiltrate company servers.
Jack Turner

Microsoft has warned its business customers of potential attacks on the Microsoft Exchange Server, which could result in the loss of sensitive company data.

The attacks, which Microsoft claims originates in China, target specific vulnerabilities in the software. The vulnerabilities  can be closed by updating via a recently released Microsoft patch.

If the software is infiltrated by the attacks, the hackers can place malware on a system, which could potentially allow for long term access.

Vulnerability of the Microsoft Exchange Server Found

First, the bad news. This is a vulnerability in the Microsoft Exchange Server application – a platform that is commonly used by businesses worldwide to handle email. The good news is that it has already been fixed, and can be remedied with the download of a patch.

The threat targets a specific, previously identified vulnerability in the email app. According to Microsoft, the hacking group behind the incident have been observed to wage “limited and targeted attacks” that allow for the installation of their own malicious software on the affected servers.

The news of the vulnerability was revealed on Microsoft's security blog, which has been proactive in alerting customers to potential hacks and issues across its range of products. Microsoft has offered practical advice on how to handle potential attacks, and warned who is behind them.

Identifying this particular exploit was handled by Microsoft in conjunction with security companies Volexity and Dubex, with further, detailed information available on the latter's blog.

“We strongly urge customers to update on-premises systems immediately” – Microsoft Security Blog

Who is Behind the Attack?

The group behind this latest attack, according to Microsoft, is Hafnium, a China-based group which it calls a “highly skilled and sophisticated actor”. The group is Chinese in origin, though activity is carried out via virtual private servers in the United States.

Hafnium has a three-pronged attack strategy when it comes to infiltrating the Microsoft Exchange Server. First, it gains access to the Exchange Server with stolen passwords, or via known vulnerabilities. Then, a web shell is created to control the server remotely. Lastly, this remote access is used to siphon data from the compromised company.

Once established, it's possible for the hacking group to continue to have unfettered access to the server, and continue siphoning off information indefinitely.

Previously, in instances where Hafnium has gained access to a network, it has moves data to file sharing sites, such as MEGA.

How to Fix the Microsoft Server Exchange Vulnerability

It's commonplace for companies to keep details of exploits under wraps until there is a fix in place. This helps to mitigate the potential damage that could be done.

This incident is no exception, and along with the news that the vulnerabilities exist and had been exploited, Microsoft also released a new patch.

For businesses using Microsoft Server Exchange, it's important that the patch is downloaded and applied as soon as possible, whether you think you have been targeted or not.

The software update can be found on Microsoft's site.

If you're concerned that your system may have been attacked through this method, Microsoft has also included some potential signs to look out for, including spotting unusual activity and checking log files for clues.

This article was last updated on:
Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Jack is the Content Manager for Tech.co. He has been writing about a broad variety of technology subjects for over a decade, both in print and online, including laptops and tablets, gaming, and tech scams. As well as years of experience reviewing the latest tech devices, Jack has also conducted investigative research into a number of tech-related issues, including privacy and fraud.

Explore More See all news
close Step up your business video conferencing with GoToMeeting, our top rated conferencing app – try it free for 14 days Try GoToMeeting Free