Microsoft says Chinese hackers are exploiting mail server vulnerabilities

Microsoft said on Tuesday a Chinese state- Hackers used flaws in the software to gain access to email accounts via on-premise Exchange servers. According to Microsoft, Hafnium operates mostly using leased virtual private servers in the U.S., and primarily targets entities in the country across several industry sectors, including infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks, and NGOs. “These attacks appear to have started as early as January 6, 2021,” Volexity said in a blog post, “The attacker was using the vulnerability to steal the full contents of several user mailboxes.” “This vulnerability is remotely exploitable and does not require authentication of any kind, nor does it require any special knowledge or access to a target environment. Enterprise customers mainly use Microsoft Exchange Server, and according to the company it has “no evidence that Hafnium’s activities targeted individual consumers or that these exploits impact other Microsoft products.” Microsoft has released security updates for customers using its Exchange Server and urges them to apply these updates immediately.