Microsoft says Beijing-backed hackers are exploiting four zero-day vulnerabilities in Exchange Server to steal data from defense contractors, law firms, and infectious disease researchers.
The Windows giant today issued patches for Exchange to close the bugs, and recommended that everyone apply them immediately. On-prem and hosted Exchange, versions 2013 through 2019, are vulnerable and need patching.
Microsoft’s corporate veep for customer security and trust Tom Burt named the miscreants “Hafnium,” said they operate from China though they use US-based servers, and classified the cyber-spy team as “a highly skilled and sophisticated actor” that is nation-state sponsored.
Burt said the snoops conduct a three-step attack:
The Chinese spies have in their arsenal four zero-day bugs that can be chained to ultimately break into vulnerable Exchange installations; they are, according to Microsoft:
We note that Microsoft recommends "prioritizing installing updates on Exchange Servers that are externally facing."