China-based government hackers have exploited a bug in Microsoft’s email server software to target U.S. organizations, the company said Tuesday.
Microsoft said a “highly skilled and sophisticated” state-sponsored group operating in China has been trying to steal information from various U.S. targets, including universities, defense contractors, law firms and infectious disease researchers.
Microsoft said it has released security updates to address vulnerabilities in its Exchange Server software, which is used for email and work schedule services, primarily by larger organizations that run their own on-premises email servers. The vulnerabilities do not affect personal email accounts or Microsoft cloud-based services.
The company said the hacking group it calls Hafnium was able to trick Exchange servers into allowing it access. The hackers pretended to be someone who should have access and created a way to remotely control the server so they could steal data from an organization’s network.
Microsoft said the group is headquartered in China, but operates from virtual private servers leased in the United States, which helps it avoid detection.
The company declined to name any specific targets or say how many organizations were affected.
Reston, Virginia-based cybersecurity company Volexity, which Microsoft credited with helping to detect the intrusions, said its network security monitoring service began detecting a suspiciously large data transfer in late January.
“They just download emails, they will literally go to the city,” said Steven Adair, president of Volexity, who said the targets include “defense contractors, international aid and development organizations, the community think tank. NGO”.
Adair said he is concerned that the hackers will accelerate their activity in the coming days, before organizations can install Microsoft’s security updates.
“As bad as it is now, I think it’s about to get a lot worse,” he said. “That gives them a limited amount of opportunities to go explode something. The patch won’t fix that if they left the back door behind.”