A China-linked cyber-espionage group has been remotely plundering email inboxes using freshly discovered flaws in Microsoft (NASDAQ:MSFT) mail server software, the company and outside researchers said on Tuesday — an example of how commonly used programs can be exploited to cast a wide net online.
In a blog post, Microsoft said the hacking campaign made use of four previously undetected vulnerabilities in different versions of the software and was the work of a group it dubs HAFNIUM, which it described as a state-sponsored entity operating out of China.
In a separate blog post, cybersecurity firm Volexity said that in January it had seen the hackers use one of the vulnerabilities to remotely steal "the full contents of several user mailboxes." All they needed to know were the details of Exchange server and of the account they wanted to pillage, Volexity said.
China opposes all forms of cyberattacks, Chinese foreign ministry spokesman Wang Wenbin said at a news briefing in Beijing on Wednesday.
"China wishes relevant media and companies take a professional and responsible attitude, and base characterizations of cyberattacks on ample evidence, rather than groundless guesses and accusations," he said.
Ahead of the Microsoft announcement, the hackers’ increasingly aggressive moves began to attract attention across the cybersecurity community.
Microsoft’s suite of products has been under scrutiny since the hack of SolarWinds, the Texas-based software firm that served as a springboard for several intrusions across government and the private sector. In other cases, hackers took advantage of the way customers had set up their Microsoft services to compromise their targets or dive further into affected networks.
Shares in what the industry calls "Mr. Softee" fell 80 cents to $233.07.
