Microsoft fixes four zero-day flaws in Exchange Server exploited by China's ‘Hafnium’ spies to steal victims' data


Microsoft says Beijing-backed hackers are exploiting four zero-day vulnerabilities in Exchange Server to steal data from defense contractors, law firms, and infectious disease researchers.


The Windows giant today issued patches for Exchange to close the bugs, and recommended that everyone apply them immediately. On-prem and hosted Exchange Server, versions 2013 through 2019, are vulnerable and need patching.

Microsoft’s corporate veep for customer security and trust Tom Burt named the miscreants “Hafnium,” said they operate from China though they use US-based servers, and classified the cyber-spy team as “a highly skilled and sophisticated actor” that is nation-state sponsored.


Burt said the snoops conduct a three-step attack:

  • Gain access to an Exchange Server either using stolen passwords or by using zero-day vulnerabilities, and disguise themselves as a legitimate user.

  • Control the compromised Exchange Server remotely using a web shell.

  • Use the resulting remote access, from servers located in America, to exfiltrate internal data.

The Chinese spies have in their arsenal four zero-day bugs that can be chained to ultimately break into vulnerable Exchange installations; they are, according to Microsoft:

We note that Microsoft recommends "prioritizing installing updates on Exchange Servers that are externally facing."



Security consultancy Volexity, which Microsoft credits with having helped it uncover two of the bugs, has posted its