Microsoft says Chinese hackers exploited bug to target American companies

Microsoft said it has released security updates to address vulnerabilities in its Exchange Server software, which is used for work email and calendar services, especially for large organizations that have their own face-to-face email servers. It does not affect personal email accounts or Microsoft cloud-based services.

The company said the group of hackers it calls Hafnium was able to trick Exchange servers into allowing them to gain access. The hackers then masked themselves as someone who should have access and created a way to control the server remotely so that they could steal data from an organization’s network.

Microsoft said the group is based in China, but operates from rented virtual private servers in the United States, which helps to avoid detection.

The company declined to name specific targets or say how many organizations were affected.

Reston, Virginia-based cybersecurity company Volexity, which Microsoft credits for helping to detect intrusions, said its network security monitoring service began to detect a suspiciously large data transfer in late January.

“They are just downloading email, literally going to the city,” said Steven Adair, president of Volexity, who said the targets include “defense contractors, international aid and development organizations, the community of NGO think tanks. ”.

Adair said he is concerned that hackers will speed up their activities in the coming days, before organizations can install Microsoft security updates.

“As bad as it is now, I think it is going to get much worse,” he said. “It gives them a limited opportunity to explore something. The patch will not fix this if they leave the back door behind. “