According to Microsoft, Hafnium used four newly discovered security vulnerabilities to break into Exchange email servers running on company networks, giving the attackers the chance to steal information from victim organizations – like address books and email accounts – and also the ability to plant malware.
The tech giant is warning its customers that a state-sponsored threat actor from China is exploiting four previously unknown security flaws in Exchange Server, the enterprise email product that the software giant built.
Microsoft stated on Tuesday that it believes the hacking group, Hafnium, attempted to steal data from a wide set of organizations based in the United States, including defense contractors and law firms. It also targeted policy think tanks and infectious disease researchers.
Used together, the four vulnerabilities form an attack chain that can compromise vulnerable on-premises servers running Exchange 2013 and later.
Hafnium doesn't operate in China but makes use of servers in the United States to launch all attacks, according to the company.
The Microsoft Response To Hafnium Zero-day Attack
According to Microsoft, Hafnium was the main threat group it found using the four vulnerabilities. (An earlier article by Microsoft said that Hafnium was the “only” group that exploited the vulnerabilities.)
Microsoft didn't disclose the number of successful attacks it'd seen but said the number is “limited.”
Patches that fix the four security vulnerabilities are now available, one week ahead of the company's typical patching schedule, which is normally reserved for the second Tuesday of each month.
Microsoft's vice president for customer security, Tom Burt, stated that although the company has worked fast to deploy an update for the Hafnium exploits, it is aware that several criminal groups and nation-state actors will move quickly to take advantage of any unpatched systems they can find.
The company also stated that it has briefed United States government agencies on what it found. Let's see what happens as time goes on.