Microsoft blames China and warns customers of new email cyber attack
Tech giant Microsoft has accused a Chinese cyber-espionage group of carrying out cyber attacks on its mail server software and has warned its customers about them. According to Microsoft, the hacking efforts exploited four previously undetected vulnerabilities in multiple versions of the software, giving the hackers remote access to email inboxes.
The group, named “Hafnium”, is based in and operates from China, and it aims to steal information from infectious disease researchers, law firms, NGOs, higher education institutions, policy think tanks, defence contractors, and non-governmental groups in the US.
The Microsoft Threat Intelligence Center (MSTIC) reported that Hafnium conducts its operations mainly from leased virtual private servers and also interacts with users of the Microsoft Office 365 suite.
Burt said in a statement that Hafnium operates in three steps:
- It gains entry to an Exchange Server, either with stolen passwords or through the previously undetected vulnerabilities, to disguise itself as someone who should have access.
- It creates a web shell to remotely control the compromised server.
- It steals data from an organisation’s network by remotely accessing US-based private servers.
The company has published software updates to protect its customers running Exchange Server and urges them to apply these updates as quickly as possible.
“Exchange Server is primarily used by business customers, and we have no evidence that Hafnium’s activities targeted individual consumers or that these exploits impact other Microsoft products,” Burt said.
“Other activity we disclosed has targeted healthcare organisations fighting Covid-19, political campaigns and others involved in the 2020 elections, and high-profile attendees of major policymaking conferences,” Burt said.
According to Microsoft, this attack was not in any way connected to the SolarWinds attack that struck US government agencies at the end of last year.