Microsoft said Tuesday that a sophisticated group of China-related hackers hacked their popular e-mail service to allow them computer access.
In a blog post on Tuesday, the company said that four vulnerabilities in its software allowed hackers to access servers for Microsoft Exchange, “which enabled access to email accounts, and allowed the installation of additional malware to facilitate long-term access to victim environments,” reported CNN.
The company also stated that the Exchange online platform was not affected by the cyber attack. Microsoft (MSFT) is now urging users for the four different vulnerabilities that have been found to download patches or fixes.
The company also said it believes the attacks were carried out by Hafnium, “a group assessed to be state-sponsored and operating out of China.”
“We are sharing this information with our customers and the security community to emphasize the critical nature of these vulnerabilities and the importance of patching all affected systems immediately… This blog also continues our mission to shine a light on malicious actors and elevate awareness of the sophisticated tactics and techniques used to target our customers,” it said.
In simpler words, Hafnium is a network of hackers that “primarily targets entities in the US across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks and [non-government organizations],” reported CNN citing Microsoft.
While the group is supposed to have its home in China, the company usually strikes using US-based virtual private servers.
In response to Microsoft’s allegations, a spokesperson for China’s Ministry of Foreign Affairs said that the country “firmly opposes and fights all forms of cyber-attacks and thefts in accordance with the law.”
This isn’t, according to CNN, the first Hafnium engraving by Microsoft. The tech giant has seen the group ‘interacting with victim’ users of Office 365 before — on separate, unrelated occasions, it said.