Microsoft says China-linked group targeting Exchange email servers

Microsoft is urging customers to download software patches after state-sponsored hackers based in China broke into some customers’ copies of its software for email, contacts and calendar using multiple previously undiscovered flaws.

By:BLOOMBERG
| Updated on: Aug 21 2022, 15:34 IST
A Microsoft logo is seen at a pop-up site for the new Windows 10 operating system at Roosevelt Field in Garden City, New York 
A Microsoft logo is seen at a pop-up site for the new Windows 10 operating system at Roosevelt Field in Garden City, New York  (REUTERS)

Microsoft is urging customers to download software patches after state-sponsored hackers based in China broke into some customers' copies of its software for email, contacts and calendar using multiple previously undiscovered flaws.

The attackers used the vulnerabilities to hack into Microsoft Exchange Server, allowing them to break into email accounts and install malware to “facilitate long-term access to victim environments,” Microsoft said Tuesday.

You may be interested in

MobilesTablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
28% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

Also read: Microsoft Teams gets new features including end-to-end encryption option for 1:1 VoIP calls

Also read
Looking for a smartphone? To check mobile finder click here.

Microsoft released patches for the flaws in a blog post announcing the attack. “Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks,” the blog said.

Previously undiscovered vulnerabilities are known as zero-days, and they are valuable to hackers because there aren't defences against them -- at least until they are discovered and patches are created. These zero-days are highly prized and sought after by both security researchers who then work on patches with companies, as well as by hackers who can then use them to target various systems.

“We are sharing this information with our customers and the security community to emphasize the critical nature of these vulnerabilities and the importance of patching all affected systems immediately,” the company said. It added that on-premise systems were affected but the online version of Exchange wasn't.

Read more: Microsoft's decision to “combine” Windows 10 updates could make the entire process a lot easier and reduce failure

The hackers responsible are “a group assessed to be state-sponsored and operating out of China,” according to the blog. They typically target “entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks, and NGOs.”

  • With inputs from HT Correspondent

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 03 Mar, 13:43 IST
NEXT ARTICLE BEGINS