Home / Early Warning / Cybersecurity Highlights / Microsoft warns that government-backed cybercriminals gained access to email systems

Microsoft warns that government-backed cybercriminals gained access to email systems

03/02/2021

The Microsoft Threat Intelligence Center (MSTIC) has reported multiple 0-day exploits used by a Chinese state-sponsored threat actor to attack local versions of Microsoft Exchange Server in a limited, targeted and active manner.

The actor, who is dubbed HAFNIUM and exploiting vulnerabilities, has gained access to email accounts and installed additional malware to facilitate long-term access to environments of victims to extract information.

HAFNIUM is based in China and operates through virtual private servers (VPS) rented in the United States.

For the time being, Microsoft has already released relevant security updates to its customers and there is no evidence that the attacks are targeting individual consumers or affecting other products.

The vulnerabilities exploited by the threat actor and the products affected are listed in the advisory published by INCIBE-CERT.