April 20, 2021 02:21 (IST)
Follow us:
facebook-white sharing button
twitter-white sharing button
instagram-white sharing button
youtube-white sharing button
Bengal Polls 2021: BJP cancels big rallies, roadshows amid Covid-19 spread | UP govt refuses to follow Allahabad High Court's order to impose lockdown in 5 cities | Britain adds India to its travel ban 'red list' after Covid surge | Delhi govt orders summer vacation in city schools from tomorrow till June 9 | Vaccination for all above 18 years to commence from May 1: Centre
Microsoft accuses China of e-mail server cyber attack, Beijing says it combats cyber attacks in all forms Chinese hackers
Image: Unsplash

Microsoft accuses China of e-mail server cyber attack, Beijing says it combats cyber attacks in all forms

India Blooms News Service | @indiablooms | 05 Mar 2021, 11:20 am

IT giant Microsoft recently claimed a group of hackers linked to China hacked into its popular email service that allowed them to gain access to computers.

"Today, we’re sharing information about a state-sponsored threat actor identified by the Microsoft Threat Intelligence Center (MSTIC) that we are calling Hafnium. Hafnium operates from China, and this is the first time we’re discussing its activity. It is a highly skilled and sophisticated actor," Microsoft said in a blog post.

Historically, Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs, the IT company claimed.

"While Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the United States," the company said.

"Recently, Hafnium has engaged in a number of attacks using previously unknown exploits targeting on-premises Exchange Server software. To date, Hafnium is the primary actor we’ve seen use these exploits, which are discussed in detail by MSTIC here," it said.

"The attacks included three steps. First, it would gain access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access. Second, it would create what’s called a web shell to control the compromised server remotely. Third, it would use that remote access – run from the U.S.-based private servers – to steal data from an organization’s network," Microsoft said.

China reacted to claims and the country's Foreign Ministry Spokesperson Wang Wenbin said in a statement: "China firmly opposes and combats cyber attacks and cyber theft in all forms. This position is consistent and clear. China has reiterated on multiple occasions that given the virtual nature of cyberspace and the fact that there are all kinds of online actors who are difficult to trace, tracing the source of cyber attacks is a complex technical issue. It is also a highly sensitive political issue to pin the label of cyber attack to a certain government."

"We hope that relevant media and company will adopt a professional and responsible attitude and underscore the importance to have enough evidence when identifying cyber-related incidents, rather than make groundless accusations," he said.