Microsoft says China-based group attempting to steal American data
Your email could allow hackers access to your personal information or potentially your business’ info.
Microsoft recently announced that HAFNIUM, a group in China found to be state-sponsored, is attempting to access data from Americans.
The group is reportedly targeting mostly specific industries, such as law firms, higher education, defense contractors and even infectious disease researchers.
If the hack is successful, HAFNIUM could get administrative access to servers.
“These hackers are taking information from the Microsoft suite that includes Outlook email, the calendar, contact lists and putting them on the dark web for other individuals to take, or for the Chinese hackers to use for their own country’s benefit,” said Alex Pham, a cybersecurity expert.
This is all part of what the FBI calls an Advanced Persistent Threat (APT).
Microsoft has sent out some patches that need to be installed immediately. Experts say these attacks are more likely to be successful against state and local governments and small businesses, but everyone should update their systems.
According to Microsoft, “HAFNIUM has previously compromised victims by exploiting vulnerabilities in internet-facing servers, and has used legitimate open-source frameworks, like Covenant, for command and control. Once they’ve gained access to a victim network, HAFNIUM typically exfiltrates data to file sharing sites like MEGA.”
- HAFNIUM targeting Exchange Servers with 0-day exploits
- FBI – Statement on Microsoft Exchange Server Vulnerabilities
- Microsoft security update guide
- New nation-state cyberattacks
- Mitigate Microsoft Exchange Server Vulnerabilities