Microsoft has blamed a cyber-espionage group for mail server attacks

Warning about Microsoft Exchange Server: Microsoft said a Chinese hacking group thought to have government backing is targeting previously unknown security flaws in versions of Exchange Server, an email and calendar application. The group, which Microsoft calls Hafnium, has previously tried to steal information from infectious disease researchers, law firms, defense contractors and others, the tech giant said. The Chinese Embassy in Washington didn’t immediately respond to a request for comment. (WSJ Pro Cybersecurity) 

Microsoft said the hacking campaign made use of four previously undetected vulnerabilities in different versions of the software.

The security flaws allowed the hackers to gain remote access to email inboxes.

Microsoft’s Threat Intelligence Center attributed the attacks with “high confidence” to Hafnium, a group assessed to be state-sponsored and operating out of China. It based its conclusion on “observed victimology, tactics and procedures”.

Microsoft said Hafnium targets infectious disease researchers, law firms, higher education institutions and defence contractors. Policy think tanks and non-governmental groups have also been targeted.

This is the eighth time in the past 12 months that Microsoft has publicly accused nation-state groups of targeting institutions critical to civil society.

Microsoft’s president has called the SolarWinds hack a “mass indiscriminate global assault” that should be a wake-up call to cyber-defenders.

Brad Smith was making a keynote speech at the CES technology trade show.

Earlier, it emerged President-elect Joe Biden had created a new post for a former National Security Agency official to help determine the US response to the attack.

Anne Neuberger had specialised in operations against Russia.

Pre-emptive strike

Plans to appoint her to the role of deputy national security adviser for cyber-security within the National Security Council were first reported by Politico and have now been confirmed by the New York Times.

The NYT said she had run the NSA’s Russia Small Group, responsible for a pre-emptive strike on Kremlin operatives in 2018.

She is currently head of the agency’s Cybersecurity Directorate. US intelligence agencies believe Russia was behind the SolarWinds attack, which compromised email accounts at the US Department of Justice as well as giving the perpetrators access to the systems of government agencies, businesses and other organisations worldwide.

UK assessing impact of major hacking campaign

The attack, delivered through compromised software from US firm SolarWinds’ Orion platform, was discovered last week but had been going on for months. A number of organisations, including US government departments, are understood to have been targeted.

A UK security source said “numbers in the UK are small and the organisations are not in the public sector”.

But it’s still early days in the investigation and more details could yet emerge.

What is described as a highly sophisticated cyber espionage operation had been under way for some months before it was spotted.

The access provided through compromising software from SolarWinds appears to have been used to steal data rather than for any disruptive or destructive impact.

It could have allowed the hackers to take a high degree of control over organisations’ networks, but just because an organisation downloaded the compromised software does not necessarily mean data was taken.