{"id":187648,"date":"2021-03-02T22:00:17","date_gmt":"2021-03-03T03:00:17","guid":{"rendered":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/?p=187648"},"modified":"2021-03-02T22:00:22","modified_gmt":"2021-03-03T03:00:22","slug":"microsoft-targeted-by-hacking-group-backed-by-chinese-government","status":"publish","type":"post","link":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/microsoft-targeted-by-hacking-group-backed-by-chinese-government\/","title":{"rendered":"Microsoft Targeted By Hacking Group Backed By Chinese Government"},"content":{"rendered":"<aside class=\"mashsb-container mashsb-main mashsb-stretched\"><div class=\"mashsb-box\"><div class=\"mashsb-count mash-medium\" style=\"&quot;\"><div class=\"counts mashsbcount\">18<\/div><span class=\"mashsb-sharetext\">SHARES<\/span><\/div><div class=\"mashsb-buttons\"><a class=\"mashicon-facebook mash-medium mash-nomargin mashsb-noshadow\" href=\"https:\/\/www.facebook.com\/sharer.php?u=https%3A%2F%2Fwww.conservativenewsdaily.net%2Fbreaking-news%2Fmicrosoft-targeted-by-hacking-group-backed-by-chinese-government%2F\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Facebook<\/span><\/a><a class=\"mashicon-twitter mash-medium mash-nomargin mashsb-noshadow\" href=\"https:\/\/twitter.com\/intent\/tweet?text=&amp;url=https:\/\/www.conservativenewsdaily.net\/breaking-news\/?p=187648&amp;via=ConservNewsDly\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Twitter<\/span><\/a><a class=\"mashicon-subscribe mash-medium mash-nomargin mashsb-noshadow\" href=\"#\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Subscribe<\/span><\/a><div class=\"onoffswitch2 mash-medium mashsb-noshadow\" style=\"display:none\"><\/div><\/div>\n            <\/div>\n                <div style=\"clear:both\"><\/div><\/aside>\n            <!-- Share buttons by mashshare.net - Version: 4.0.47--><div><img decoding=\"async\" src=\"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-content\/uploads\/2021\/03\/A6286CB0-14B8-4D7F-A0AC-6E6E47B99D63_1_201_a.jpeg?w=1200&#038;h=800&#038;ixlib=react-9.0.3\" class=\"ff-og-image-inserted\" \/><\/div>\n<p>On Tuesday, Microsoft stated that a hacking group backed by the Chinese government is reportedly using the security deficiencies in their common email system utilized by many American businesses.<\/p>\n<p>In a <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/03\/02\/hafnium-targeting-exchange-servers\/\">blog<\/a> post, Microsoft explained the details of the cyber hack:<\/p>\n<blockquote>\n<p><em>Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.<\/em><\/p>\n<\/blockquote>\n<p>The report explains that \u201cHafnium\u201d is a group that mainly goes after U.S. organizations. The areas that it tends to target include \u201cinfectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.\u201d<\/p>\n<p>Microsoft\u2019s post goes on to say that this is not the first time Hafnium has struck vulnerable groups, adding that it \u201chas previously<br \/>compromised victims by exploiting vulnerabilities in internet-facing servers, and has used legitimate open-source frameworks, like Covenant, for command and control. Once they\u2019ve gained access to a victim network, HAFNIUM typically exfiltrates data to file sharing sites like MEGA.<\/p>\n<p>\u201cIn campaigns unrelated to these vulnerabilities, Microsoft has observed HAFNIUM interacting with victim Office 365 tenants. While they are often unsuccessful in compromising customer accounts, this reconnaissance activity helps the adversary identify more details about their targets\u2019 environments.\u201d<\/p>\n<p>The report details that after Hafnium reached a preliminary entrance, its \u201coperators deployed web shells on the compromised server. Web shells potentially allow attackers to steal data and perform additional malicious actions that lead to further compromise.\u201d<\/p>\n<p>As reported by <a href=\"https:\/\/thehill.com\/policy\/cybersecurity\/541312-microsoft-says-chinese-hacking-group-targeting-security-flaws-in\">The Hill<\/a>, Microsoft asked its customers to upgrade their Exchange Server in order to mend four vulnerable points in their program.<\/p>\n<p>Tom Burt, Microsoft\u2019s corporate vice president of customer trust and security, responded to the incident in a <a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2021\/03\/02\/new-nation-state-cyberattacks\/\">blog<\/a> post, saying, \u201cEven though we\u2019ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems. Promptly applying today\u2019s patches is the best protection against this attack.\u201d<\/p>\n<p>Burt added, \u201cThis is the eighth time in the past 12 months that Microsoft has publicly disclosed nation-state groups targeting institutions critical to civil society; other activity we disclosed has targeted healthcare organizations fighting Covid-19, political campaigns and others involved in the 2020 elections, and high-profile attendees of major policymaking conferences.\u201d<\/p>\n<p>Referencing the recent <a href=\"https:\/\/www.nytimes.com\/2021\/01\/02\/us\/politics\/russian-hacking-government.html\">SolarWinds hack<\/a> that affected multiple government and private agencies and is believed to have been executed by Russia, Burt said that this hack was separate.<\/p>\n<p>He explains, \u201cThe exploits we\u2019re discussing today were in no way connected to the separate SolarWinds-related attacks. We continue to see no evidence that the actor behind SolarWinds discovered or exploited any vulnerability in Microsoft products and services.\u201d<\/p>\n<p>Microsoft also stated that it has briefed United States government officials on the most recent hack.<\/p>\n<p><em><span>The Daily Wire is one of America\u2019s fastest-growing conservative media companies and counter-cultural outlets for news, opinion, and entertainment. Get inside access to The Daily Wire by becoming a<\/span><\/em> <a href=\"https:\/\/www.dailywire.com\/subscribe\"><span>member<\/span><\/a><span>.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On Tuesday, Microsoft stated that a hacking group backed by the Chinese government is reportedly using the security deficiencies in their common email system utilized by many American businesses. In &#8230;<\/p>\n","protected":false},"author":1,"featured_media":2274628,"comment_status":"close","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mo_disable_npp":"","fifu_image_url":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-content\/uploads\/2021\/03\/A6286CB0-14B8-4D7F-A0AC-6E6E47B99D63_1_201_a.jpeg?w=1200&h=800&ixlib=react-9.0.3","fifu_image_alt":"Microsoft Targeted By Hacking Group Backed By Chinese Government","footnotes":""},"categories":[],"tags":[],"class_list":["post-187648","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry"],"fifu_image_url":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-content\/uploads\/2021\/03\/A6286CB0-14B8-4D7F-A0AC-6E6E47B99D63_1_201_a.jpeg?w=1200&h=800&ixlib=react-9.0.3","fifu_image_alt":"Microsoft Targeted By Hacking Group Backed By Chinese Government","_links":{"self":[{"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/posts\/187648","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/comments?post=187648"}],"version-history":[{"count":0,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/posts\/187648\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/media\/2274628"}],"wp:attachment":[{"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/media?parent=187648"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/categories?post=187648"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/tags?post=187648"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}