Microsoft accuses China of e-mail server cyber attack, Beijing says it combats cyber attacks in all forms
IT giant Microsoft recently claimed that a group of hackers linked to China hacked into its popular email service, allowing them to gain access to computers.
"Today, we’re sharing information about a state-sponsored threat actor identified by the Microsoft Threat Intelligence Center (MSTIC) that we are calling Hafnium. Hafnium operates from China, and this is the first time we’re discussing its activity. It is a highly skilled and sophisticated actor," Microsoft said in a blog post.
Historically, Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs, the IT company claimed.
"While Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the United States," the company said.
"Recently, Hafnium has engaged in a number of attacks using previously unknown exploits targeting on-premises Exchange Server software. To date, Hafnium is the primary actor we’ve seen use these exploits, which are discussed in detail by MSTIC here," it said.
"The attacks included three steps. First, it would gain access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access. Second, it would create what’s called a web shell to control the compromised server remotely. Third, it would use that remote access – run from the U.S.-based private servers – to steal data from an organization’s network," Microsoft said.
China reacted to the claims, and the country's Foreign Ministry spokesperson Wang Wenbin said in a statement: "China firmly opposes and combats cyber attacks and cyber theft in all forms. This position is consistent and clear. China has reiterated on multiple occasions that given the virtual nature of cyberspace and the fact that there are all kinds of online actors who are difficult to trace, tracing the source of cyber attacks is a complex technical issue. It is also a highly sensitive political issue to pin the label of cyber attack to a certain government."
"We hope that relevant media and company will adopt a professional and responsible attitude and underscore the importance to have enough evidence when identifying cyber-related incidents, rather than make groundless accusations," he said.